Dods EU Alert: ENISA supports International Product Safety Week

The aim of the International Product Safety Week is to promote the safety of consumer products and international cooperation.

By Dods EU Political Intelligence


18 Jun 2014

The European Commission is this week organising the 5th International Product Safety Week. Every two years, policy makers, industry, consumer organisations and many others from across the world gather to discuss how to cooperate in order to reinforce product safety.

The European Commission press release on its fifth International Product Safety Week is available in 21 languages.

ENISA supports International Product Safety Week through a number of published studies and several reports that support the development of safer consumer products in areas such as secure smartphone development, app-store security and secure software engineering. Examples include:

Smartphone Secure Development Guidelines

In its Smartphone Secure Development Guidelines, ENISA advocates a baseline set of ‘five lines of defence’ against malware, which are: app review, reputation, kill-switches, device security and jails.

As a first step towards addressing the problem of software vulnerabilities, ENISA provides a comprehensive list of different, already existing Secure Software Engineering Initiatives. This list includes initiatives in the EU, as well as some major US and global SSE initiatives, focused on finding and preventing software vulnerabilities.

Ten critical areas when creating apps

Written for smartphone application developers, the ENISA Smartphone Secure Development Guidelines lists ten critical areas to consider when creating apps.

  1. Identify and protect sensitive data on the mobile device
  2. Handle password credentials securely on the device
  3. Ensure sensitive data is protected in transit
  4. Implement user authentication and authorization and session management correctly
  5. Keep the backend APIs (services) and the platform (server) secure
  6. Secure data integration with third party services and applications
  7. Pay specific attention to the collection and storage of consent for the collection and use of user’s data
  8. Implement controls to prevent unauthorized access to paid-for resources (wallet, SMS, phone calls, etc.)
  9. Ensure secure distribution/provisioning of mobile applications
  10. Carefully check any runtime interpretation of code for errors

URL: http://www.enisa.europa.eu/media/news-items/enisa-supports-international-product-safety-week
