CIO Influence

NowSecure Announces the World’s First Dynamic Software Bill of Materials (SBOM) for Mobile Apps

Early Access Program Enables Organizations to Access Dynamically Generated SBOMs for Any Mobile App Binary

NowSecure, the leading standards-based mobile app security and privacy software company, announced an early access program for NowSecure Platform Software Bill of Materials (SBOM). Organizations can now gain visibility into the critical components of any mobile app running on iOS or Android, including the native and third-party libraries and frameworks, the endpoints and geolocation for any detected data transmission, and a summary of vulnerabilities present, so that they can better understand the risks in their mobile apps and meet new federal SBOM standards.

“Today we announce NowSecure SBOM – the world’s first mobile app SBOM tool plus support for CycloneDX OWASP standard”

“Mobile apps are the new gateway to the enterprise, and first-party and third-party libraries and frameworks in those mobile apps have become a primary path for attacks,” said NowSecure CEO Alan Snyder. “SBOMs are foundational items that should be generated for EVERY new version of a mobile app so that everyone knows what is in the software that they are using, and so that the enterprise can protect itself from critical supply-chain risks. Organizations are already doing this for web apps and will now be able to get much needed observability into their mobile app supply chain.”

As the world’s first mobile SBOM solution, NowSecure goes beyond traditional SBOM source code analysis techniques to deliver more comprehensive results. Purpose-built for mobile apps, the NowSecure Platform SBOMs are generated by statically and dynamically analyzing the compiled mobile app binary running on real iOS and Android devices, generating rich details on libraries, frameworks, API endpoints, data transmission location and summary vulnerability information. Because NowSecure analyzes the compiled mobile app binary, it can process both internally developed mobile apps and public apps found in the Apple and Google app stores, providing critical insights to enterprises using any of the more than 6 million commercial apps.

Using the NowSecure Platform SBOM tool, organizations can gain visibility into four critical details of any mobile app running on iOS or Android so that they can better understand the supply chain risks in the mobile apps they build and use:

  • the list of first-party and third-party libraries and frameworks directly found or identified as transitive dependencies in the compiled mobile app binary, including the most current published version
  • the licenses relevant to each component of the mobile app
  • the list of endpoints and geolocation information for any detected data transmission found during dynamic analysis
  • a summary of security vulnerabilities detected while dynamically analyzing the mobile app to generate the SBOM

The NowSecure SBOM provides PDF reports and machine-readable, industry-standard CycloneDX data feeds to deliver immediate, actionable benefits that include gaining visibility into the libraries/frameworks included in all mobile apps, pinpointing libraries/frameworks that are using older versions, identifying components that remain but were previously required to be removed, uncovering component licenses that violate internal and external policies, understanding where data is going (including unapproved APIs and destinations) and gaining visibility into summary vulnerability information that requires further testing and inspection. Furthermore, comparing SBOMs from different versions of a mobile app provides insight into changes made by the developer that may require further analysis.

“With the explosive growth in mobile, especially in the workplace, it has become increasingly important to elevate the transparency for the mobile apps we use every day — and the underlying software components they depend on,” said Steve Springett, chair of the OWASP CycloneDX project. “The CycloneDX SBOM standard is a result of security experts and industry coming together to create an SBOM standard that delivers the transparency and interoperability necessary to communicate software inventory and the relationships across different systems. We’re excited that NowSecure supports the CycloneDX SBOM standard — a tremendous victory for the mobile space and for NowSecure customers.”

The NowSecure Platform SBOM early access program is part of the world’s most comprehensive suite for mobile app security including NowSecure Platform for continuous security testing in the development pipeline for DevSecOps, NowSecure Workstation kit for pen tester productivity, NowSecure Supply Chain Risk Management, NowSecure Pen Testing Services, and NowSecure Academy training courseware for dev and security teams. Built on a foundation of standards and automation, NowSecure empowers organizations to drive their success by delivering secure mobile apps faster and by continuously monitoring their mobile app supply chains for risk. Top mobile innovators, global businesses and agencies trust NowSecure to secure their mobile apps including AT&T, Caribou Coffee, iRobot, Uber, and Zoom.
