RALEIGH, N.C. and FAIRFAX, V.A. - —
Red Hat, Inc. (NYSE: RHT), the world's leading provider of open-source solutions, and Kryptowire, leading provider of a military-grade mobile application security testing platform used by top-security Federal agencies, today announced that the companies have been awarded a contract from the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) to advance mobile application lifecycle security.
We are excited to collaborate with Kryptowire to help the U.S. government provide automated enforcement of government security standards in mobile apps.
The grant for the project—titled “Assured Mobile Application Lifecycle using Red Hat Enterprise”—was announced in a DHS S&T press release.
In May, DHS S&T announced the findings of its “Study on Mobile Device Security”, conducted in coordination with the National Institute of Standards and Technology and its National Cybersecurity Center of Excellence. According to that announcement, “[t]he study found that the threats to the Federal government’s use of mobile devices—smartphones and tablet computers running mobile operating systems—exist across all elements of the mobile ecosystem. These threats require a security approach that differs substantially from the protections developed for desktop workstations largely because mobile devices are exposed to a distinct set of threats, frequently operate outside of enterprise protections and have evolved independently of desktop architectures.”
Through the DHS S&T Mobile Application Security project, Red Hat and Kryptowire will help to address this mobile security gap by developing a framework for automation of security and privacy compliance in the mobile application lifecycle. To do so, the companies plan to collaborate on the following development initiatives:
- A Red Hat Mobile Application Platform extension that will use Kryptowire’s mobile application testing capabilities to automatically enforce checks throughout the mobile application development process to enable code and third-party library compliance with U.S. mobile security standards.
- Security updates and notifications to address new security or privacy vulnerabilities that affect an application while it is already deployed, enabling end-users to more quickly address new threats. Updates can be enforced in several ways, including user notifications and denial of back-end services. Red Hat and Kryptowire propose augmenting the support for security notifications and updates by including additional re-usable services in Red Hat Mobile Application Platform.
- Optimization of Kryptowire's mobile application certification platform for Red Hat Mobile Application Platform’s processes, with a goal of creating a commercial solution that will improve end-to-end mobile security solutions throughout DHS and other U.S. government agencies.
Supporting Quotes
Paul Smith, senior vice president and general manager, Public Sector, Red Hat
“Mobile devices—including smartphones and tablets—are used across government agencies, but these devices and the mobile apps that run on them require a unique approach to security. This DHS S&T Mobile Application Security project aims to help address this security gap with an approach to mobile app security that can serve as a best practice across U.S. government agencies. We are excited to collaborate with Kryptowire to help the U.S. government provide automated enforcement of government security standards in mobile apps and, through this automated approach, help minimize human error during application releases.”
Angelos Stavrou, CEO, Kryptowire LLC
“Kryptowire's mobile app software assurance technology can now be used during every stage of the software development lifecycle. Enterprises will be able to analyze the mobile apps they develop in-house, to ensure they meet the same internationally recognized security requirements used for classified and national security systems.”
Additional Resources
Connect with Red Hat