Tigerspike partners with Heartbleed’s Codenomicon
Partnership addresses critical mobile security vulnerabilities
Sydney, Australia and Saratoga, CA, USA - May, 2014 – Mobile technology company Tigerspike and Codenomicon, developer of
innovative security testing solutions, today announced a partnership in mobile security. The companies will jointly help
customers to assess the security of their mobile applications and address their mobile security needs.
“The need for mobile security has never been higher”, says Luke Janssen, CEO of Tigerspike. “Through our partnership
with Codenomicon, we are addressing this massive need in the marketplace.”
The use of mobile applications in enterprise is exploding. In addition to customer applications, mobile applications are
increasingly used by companies to automate internal processes. However, the growing importance of mobile applications
stands in contrast to the lack of mobile security. Unfortunately, when it comes to mobiles, company IT security policies
are often ignored.
“Surprisingly, in many cases, the CIO does not know that mobile applications containing sensitive information exist”,
explains Luke Janssen, CEO of Tigerspike. “In Australia, serious non-compliance with the new laws can translate into a
penalty of up to AUD1.7m for organisations and AUD 340,000 for individuals, so mobile security is something that CIOs
and CEOs now must take seriously”.
In 2011 Tigerspike set up a Future Technologies division within their Innovation Lab. The purpose of the division is to
create and patent new technologies and re-think existing technologies given the growth in mobile. Searching for
solutions to address their customers’ burgeoning enterprise mobility needs, the company encountered a severe shortage of
reputable firms that were able to proactively deal with security issues. The company then started working on two key
aspects of the security stack: encryption and password strength. Codenomicon’s offering complements Tigerspike’s
capabilities by providing security testing solutions for mobile applications.
“There are very few companies in the mobile security space”, says Dr. Stuart Christmas, Director of Future Technologies
at Tigerspike. “Out of all the companies we considered, only Codenomicon had effective security diagnostic tools for
mobile.”
Codenomicon has developed security solutions for networks, devices and applications for over ten years. The Codenomicon
test suite for mobile applications automatically scans applications for security weaknesses. Within minutes of uploading
an application, the test suite reveals all third-party and open source code and lists the corresponding known
vulnerabilities and software license information.
“At Codenomicon, our goal is to find security flaws others cannot find”, says David Chartier, CEO of Codenomicon. “We
are constantly developing new solutions to address the evolving security testing needs of our global customers.”
The Heartbleed vulnerability was discovered by Codenomicon researchers during the development of Codenomicon’s new
SafeGuard security testing feature. Heartbleed is an extremely serious vulnerability in the popular OpenSSL
cryptographic software library, used by 66% of Internet servers to ensure the security and privacy of online
communication. Mobile applications access the same servers as their website counterparts. Given this, the Heartbleed
vulnerability also affects mobile applications.
“Vulnerabilities are mistakes in code. Software is written by humans, so there will always be mistakes”, adds David
Chartier, CEO of Codenomicon. “The question is who is going to find them and when.”
Unknown vulnerabilities, such as Heartbleed, that was undiscovered for two years, are the largest threat to security by
far. The reason is there are no defences against attacks exploiting them.
“What you do not know will hurt you”, David Chartier continues. “Companies with mobile application containing sensitive
information simply must make mobile security a priority”.
Ends