News Item

ENISA supports International Product Safety Week

Published on June 17, 2014

The European Commission is this week organising the 5th International Product Safety Week. Every two years, policy makers, industry, consumer organisations and many others from across the world gather to discuss how to cooperate in order to reinforce product safety. The aim of the International Product Safety Week is to promote the safety of consumer products and international cooperation.

The European Commission press release regarding its fifth International Product Safety Week is available in 21 languages.

ENISA supports International Product Safety Week through a number of published studies and reports that support the development of safer consumer products in areas such as secure smartphone development, app-store security and secure software engineering. Examples include:

Smartphone Secure Development Guidelines

In its Smartphone Secure Development Guidelines, ENISA advocates in favour of a baseline set of ‘five lines of defence’ against malware, which are: app review, reputation, kill-switches, device security and jails.

As a first step towards addressing the problem of software vulnerabilities, ENISA provides a comprehensive list of different, already existing Secure Software Engineering Initiatives. This list includes initiatives in the EU, as well as some major US and global SSE initiatives, focused on finding and preventing software vulnerabilities.

Ten critical areas when creating apps

Written for smartphone application developers, the ENISA Smartphone Secure Development Guidelines lists ten critical areas to consider when creating apps.

  1. Identify and protect sensitive data on the mobile device
  2. Handle password credentials securely on the device
  3. Ensure sensitive data is protected in transit
  4. Implement user authentication and authorization and session management correctly
  5. Keep the backend APIs (services) and the platform (server) secure
  6. Secure data integration with third party services and applications
  7. Pay specific attention to the collection and storage of consent for the collection and use of the user’s data
  8. Implement controls to prevent unauthorized access to paid-for resources (wallet, SMS, phone calls, etc.)
  9. Ensure secure distribution/provisioning of mobile applications
  10. Carefully check any runtime interpretation of code for errors


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS
