Security researcher Ivan Rodriguez proposed a new iOS app security standard earlier this month and named it Security.plist, inspired by the Security.txt standard. The standard requires an application manufacturer to create a property list file called security.plist and embed it in the root directory of an iOS application. The file will contain all the basic information needed to report security vulnerabilities to the developers.
The idea for Security.plist comes from Security.txt, which is currently being standardized by the Internet Engineering Task Force (IETF) and has been widely adopted by the industry. Technology giants such as Google, GitHub, LinkedIn, and Facebook are already using this file.
It is worth noting that Rodriguez is a researcher who uses his spare time to find vulnerabilities in iOS applications. He spends most of that time "hanging around" inside apps and has found many vulnerabilities as a result. However, he has not yet found a convenient way to identify the responsible person and the correct disclosure channel. Often the usual route is through business or marketing staff without security expertise, who may not know how to handle the vulnerability or judge its severity.
Therefore, Rodriguez suggests that security personnel and developers leave a plist file in the application's root directory. The file would hold the appropriate contact information so that the problem can be communicated and solved. For now he has only put forward the idea and wants to hear the opinions of app developers.
Rodriguez told ZDNet: "I have heard a lot of feedback so far, and many people may resonate with me. Although it may be too early to implement the security.plist standard, I still hope it will become popular for mobile application deployment."
Rodriguez also created a website specifically for security.plist, where every application developer can create a basic file and embed it in their own app.
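As an added example (not code from Rodriguez or the security.plist project), the following Python shows how a researcher or a developer's release check could look for security.plist in the app bundle root of an IPA archive and read the disclosure contact. The key names `contact` and `policy` are assumptions modeled on security.txt fields, and the sample archive is constructed for the demonstration.

```python
import io
import plistlib
import re
import zipfile

# App bundle root inside an IPA archive is Payload/<Name>.app/
BUNDLE_ROOT = re.compile(r"^Payload/[^/]+\.app/security\.plist$", re.IGNORECASE)


def read_security_plist(ipa_bytes):
    """Return the parsed security.plist from the bundle root, or None."""
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        for name in ipa.namelist():
            if BUNDLE_ROOT.match(name):
                try:
                    data = plistlib.loads(ipa.read(name))
                except Exception:
                    return None  # present but not a valid property list
                return data if isinstance(data, dict) else None
    return None  # no file at the bundle root (nested copies are ignored)


def disclosure_contacts(info):
    """Collect contact entries; 'contact' is an assumed key name."""
    if not info:
        return []
    value = info.get("contact", [])
    if isinstance(value, str):
        value = [value]
    return [v for v in value if isinstance(v, str) and v.strip()]


def build_sample_ipa(with_file=True):
    """Constructed sample archive (not a real app) for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as ipa:
        ipa.writestr("Payload/Demo.app/Info.plist",
                     plistlib.dumps({"CFBundleName": "Demo"}))
        if with_file:
            sample = {"contact": ["mailto:security@example.com"],
                      "policy": "https://example.com/disclosure"}
            ipa.writestr("Payload/Demo.app/security.plist", plistlib.dumps(sample))
    return buf.getvalue()


if __name__ == "__main__":
    for flag in (True, False):
        info = read_security_plist(build_sample_ipa(flag))
        print(disclosure_contacts(info) or "no security.plist contact found")
```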