iOS Apps Could Really Benefit From the Newly Proposed Security.plist Standard

Джерело:
Slashdot

Дата публікації:
02/12/2019 19:30

Постійна адреса новини:
http://www.vsinovyny.com/6479982

iOS Apps Could Really Benefit From the Newly Proposed Security.plist Standard

02/12/2019 19:30 // Slashdot

Security researcher Ivan Rodriguez has proposed a new security standard for iOS apps, which he named Security.plist. From a report: The idea is simple. App makers would create a property list file (plist) named security.plist that they would embed inside the root of their iOS apps. The file would contain all the basic contact details for reporting a security flaw to the app's creator. Security researchers analyzing an app would have an easy way to get in contact with the app's creators. Rodriguez said the idea for Security.plist came from Security.txt, a similar standard for websites, that was proposed in late 2017. Security.txt is currently going through an official standardization process at the Internet Engineering Task Force (IETF), but it has been widely adopted already, and companies like Google, GitHub, LinkedIn, and Facebook, all have a security.txt file hosted on their sites, so bug hunters can get in touch with their respective security teams. Rodriguez, who is an amateur bug hunter in iOS apps, said he decided to propose a similar thing for iOS apps because getting in touch with an app's dev or security team has been a problem in the past. "I spend most of my free time poking mobile applications which has lead me to find many vulnerabilities and I have yet to find one that has an easy way to find the correct channel to responsibly disclose these issues,"Rodriguez told ZDNet.

«	Наступна новина з архіву Стрельба в кафе Киеве: новые подробности	Попередня новина з архіву 'Free, Melania' offers new details about the life of a private first lady	»