Partnership addresses critical mobile security vulnerabilities
Mobile technology company Tigerspike and Codenomicon, developer of innovative security testing solutions, today announced a partnership in mobile security. The companies will jointly help customers to assess the security of their mobile applications and address their mobile security needs.
“The need for mobile security has never been higher”, says Luke Janssen, CEO of Tigerspike. “Through our partnership with Codenomicon, we are addressing this massive need in the marketplace.”
The use of mobile applications in enterprise is exploding. In addition to customer applications, mobile applications are increasingly used by companies to automate internal processes. However, the growing importance of mobile applications stands in contrast to the lack of mobile security. Unfortunately, when it comes to mobiles, company IT security policies are often ignored.
“Surprisingly, in many cases, the CIO does not know that mobile applications containing sensitive information exist”, explains Luke Janssen, CEO of Tigerspike. “In Australia, serious non-compliance with the new law can translate into a penalty of up to AUD1.7m for organisations and AUD 340,000 for individuals, so mobile security is something that CIOs and CEOs now must take seriously”.
In 2011 Tigerspike set up a Future technologies division within their Innovation Lab. The purpose of the division is to create and patent new technologies and re-think existing technologies given the growth in mobile. Searching for solutions to address their customers’ burgeoning enterprise mobility needs, the company encountered a severe shortage of reputable firms that were able to proactively deal with security issues. The company then started working on two key aspects of the security stack: encryption and password strength. Codenomicon’s offering complements Tigerspike’s capabilities by providing security testing solutions for mobile applications.
“There are very few companies in the mobile security space”, says Dr. Stuart Christmas, Director of Future Technologies at Tigerspike. “Out of all the companies we considered, only Codenomicon had effective security diagnostic tools for mobile.”
Codenomicon has developed security solutions for networks, devices and applications for over ten years. The Codenomicon test suite for mobile applications automatically scans applications for security weaknesses. Within minutes of uploading an application, the test suite reveals all third-party and open source code and lists the corresponding known vulnerabilities and software license information.
“At Codenomicon, our goal is to find security flaws others cannot find”, says David Chartier, CEO of Codenomicon. “We are constantly developing new solutions to address the evolving security testing needs of our global customers.”
The Heartbleed vulnerability was discovered by Codenomicon researchers during the development of Codenomicon’s new SafeGuard security testing feature. Heartbleed is an extremely serious vulnerability in the popular OpenSSL cryptographic software library, used by 66% of Internet servers to ensure the security and privacy of online communication. Mobile applications access the same servers as their website counterparts. Given this, the Heartbleed vulnerability also affects mobile applications.
“Vulnerabilities are mistakes in code. Software is written by humans, so there will always be mistakes”, adds David Chartier, CEO of Codenomicon. “The question is who is going to find them and when.”
Unknown vulnerabilities, such as Heartbleed, that was undiscovered for two years, are the largest threat to security by far. The reason is there are no defences against attacks exploiting them.
“What you do not know will hurt you”, David Chartier continues. “Companies with mobile application containing sensitive information simply must make mobile security a priority”.
Tigerspike is a global enterprise software and user experience technology company. We help customers unlock the power of Personal Media, which is transforming the way we live, and work.
Tigerspike’s future technologies division future proofs our business and our customers’ businesses by looking into the future and creating new technologies where we see gaps. More information on our encrypted mobile algorithm, Karacell, can be found here. Also, our application for creating easy to remember mathematically strong passwords can be downloaded from the iOs store or the Android store. Tigerspike is transforming businesses by unlocking the power of Personal Media from our offices in San Francisco, New York, London, Dubai, Singapore, Tokyo, Sydney and Melbourne. With over 60 awards in 10 years, we have a reputation for innovation that creates long-term partnerships with the world’s biggest companies. Our customers include AMEX, Shell, Emirates, Standard Chartered, Kaiser Permanente, Woolworths, Westfield, News Corporation, Direct TV, Novartis and Vodafone. www.tigerspike.com
Founded in 2001, the company was spun out of the successful PROTOS test tools research of the Oulu University Secure Programming Group. Years later, the world-proven Codenomicon DEFENSICS platform remains unmatched in its ability to quickly find quality, resiliency and security flaws within the broadest array of applications. Thousands of developers and security analysts across telecommunications, networking, manufacturing, financial services and defense industries rely on Codenomicon to reduce costly reputation, quality and compliance risks.