1. Open Web Application Security Project (OWASP)
1.1. Mobile Application Security Verification Standard (MASVS)
1.1.1. 1.11 MSTG-ARCH-11
1.1.2. 7.5 MSTG-CODE-5
1.2. Application Security Verification Standard 4.0.3 (ASVS)
1.2.1. V10.1 Code Integrity
2. US National Institute of Standards and Technology (NIST)
2.1. NIST Special Publication 800-190
2.1.1. 4.1.1 Image vulnerabilities
2.1.2. 4.1.3 Embedded malware
2.1.3. 4.4.1 Vulnerabilities within the runtime software
2.1.4. 4.4.4 App vulnerabilities
2.1.5. 4.4.5 Rogue containers
2.2. NIST Special Publication 800-163 Revision 1
2.2.1. 2.2 Organization-Specific Requirements App Documentation
3. ioXt Alliance
3.1. Mobile Application Profile
3.1.1. 4.9. Vulnerability Reporting Program VDP1
3.1.2. 4.9. Vulnerability Reporting Program VDP2
3.1.3. 4.9. Vulnerability Reporting Program VDP3
3.1.4. 4.9. Vulnerability Reporting Program VDP4
3.1.5. 4.9. Vulnerability Reporting Program VDP5
4. National Information Assurance Partnership (NIAP)
4.1. Requirements for Vetting Mobile Apps from the Protection Profile for Application Software
4.1.1. Security Assurance Requirements AVA_VAN.1.2E
5. ETSI TS 103 732
5.1. 8.2 Security assurance requirements
5.1.1. 8.2 Security assurance requirements
6. Department for Digital, Culture, Media & Sport (DCMS)
6.1. Code of practice for app store operators and app developers
6.1.1. 1. Ensure only apps that meet the code’s security and privacy baseline requirements are allowed on the app store
6.1.2. 3. Implement a vulnerability disclosure process
6.1.3. 3. Implement a vulnerability disclosure process
6.1.4. 3. Implement a vulnerability disclosure process
6.1.5. 8. Ensure appropriate steps are taken when a personal data breach arises
6.1.6. 8. Ensure appropriate steps are taken when a personal data breach arises
6.1.7. 8. Ensure appropriate steps are taken when a personal data breach arises