App Defense Alliance Announces Release of New Security Standard ADA ASA v1.0
Jennifer Bly | 16 October 2024
SINGAPORE - October 16, 2024 – Today, the App Defense Alliance (ADA) announced the release of its highly anticipated security standard, ADA Application Security Assessment (ASA) v1.0 for mobile, web, and cloud. This set of standards is designed to safeguard sensitive data, protect against cyberattacks, and maintain customer trust.
These standards were developed through the transparent and collaborative approach established via the Linux Foundation and announced today at Singapore International Cyber Week, at which multiple members of the App Defense Alliance’s Steering Committee are speaking. A coalition of over a dozen industry leaders and 60+ security experts – based on work from the Open Worldwide Application Security Project (OWASP) and Center for Internet Security (CIS) – delivered ADA ASA v1.0 to provide mobile and web app developers a comprehensive framework for organizations to implement robust security controls, protect confidential data, and ensure compliance with best practices. The development of ADA ASA v1.0 involved extensive collaboration among industry stakeholders including technology providers, security engineers, and application security testing experts. The standard has undergone rigorous reviews to ensure its effectiveness and feasibility. The standard is expected to have far-reaching benefits for both consumers and businesses, including:
- Enhanced protection of confidential consumer data, such as personal identifiable information or confidential business data
- Reduced risk of data breaches and cybercrime, resulting in lower costs associated with incident response and remediation
- Improved trust and confidence among consumers, leading to increased loyalty and business growth
- Simplified compliance for developers, reducing administrative burdens and costs
- Better alignment with emerging technologies and trends, such as mobile apps, web apps and APIs, and secure use of the cloud
“Meta co-founded the App Defense Alliance with the goal of working collaboratively with others in the industry on standards that will help to protect people and their data,” said Andre Mintz, Vice President of Global Security & Privacy Programs at Meta. “We believe that this new standard has the power to drive meaningful change and improvement across app ecosystems. We're proud to have played a role in its development and look forward to seeing its impact unfold.”
"With the evolving application landscape, we're excited to have partnered with industry leaders in the development of the Application Security Assessment v1.0," said Oliver Bell, General Manager, Trust and Privacy at Microsoft. "The App Defense Alliance is helping pave the way for developers to build trust in the thriving third-party application ecosystem."
“The ADA ASA v1.0 standard showcases the App Defense Alliance's commitment to protecting users from application threats through industry collaboration,” said Dave Kleidermacher, VP of Engineering, Android Security and Privacy. “By providing developers with a clear framework for building apps that prioritize user security and privacy, we can collectively enhance the safety of the entire app ecosystem. Google is proud to support this initiative by contributing our expertise in mobile security and we remain committed to making the app ecosystem safer for users everywhere."
To support the adoption of ADA ASA v1.0, in the coming months the ADA plans to launch a certification program that will enable developers to demonstrate conformance to the ADA security standards, contributing to a more secure app ecosystem.
For more information about the App Defense Alliance, please visit: www.appdefensealliance.org. To access the ADA ASA v1.0 Security Standards, visit the alliance’s GitHub repository: https://github.com/appdefensealliance/ASA-WG/tree/v1.0.
About the App Defense Alliance
The App Defense Alliance is focused on protecting users by preventing threats from reaching their devices and improving app quality across the ecosystem. The App Defense Alliance’s goal is to protect users of mobile and web applications through industry-recognized security standards, validation guidance, and a certification scheme that scales with risk.
About the Joint Development Foundation
The Joint Development Foundation (JDF), part of the Linux Foundation family of projects, accelerates organizations developing technical specifications, standards, data sets, and source code. JDF provides the corporate and legal infrastructure, experienced support staff, and extensive network necessary to achieve the highest levels of industry and international standardization. For more information, please visit us at jointdevelopment.org.
Media Contact:
Jennifer Bly
Linux Foundation
jbly@linuxfoundation.org
About The Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, ONAP, OpenChain, OpenSSF, PyTorch, RISC-V, SPDX, Zephyr, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.