Ashok Sharma

Applying Open Source Intelligence to App Development

Open-source intelligence, or OSINT, may sound like a relatively new buzzword in the IT industry, but it is an established term that has been in use since the 1980s. In the United States, the term can be traced to the establishment of the Foreign Broadcast Monitoring Service and the military intelligence community during the Cold War era.

Open source intelligence is also defined in Public Law 109–163 - National Defense Authorization Act for Fiscal Year 2006 as intelligence "produced from publicly available information that is collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement."

OSINT is often associated with law enforcement, cybersecurity, and business intelligence. However, it can also be applied to other sectors, particularly in app development. There are aspects of development projects that can greatly benefit from open-source intelligence, especially when it comes to security, user experiences, and feasibility.

OSINT in app security
What is open source intelligence as far as app security is concerned? It serves as the basis for finding and addressing possible security weaknesses in an app (based on data about similar apps) and vulnerabilities that emerge because of hardware and software changes. Ports that have been opened by default and features that have been activated after an OS update, for example, can impact the security of apps. OSINT can help DevSecOps teams to plug these security gaps.

On the other hand, OSINT is also useful when used to examine security issues from a threat actor's perspective. While open-source intelligence is certainly useful to legitimate organizations, there is nothing that hinders cybercriminals or those with malicious intent from similarly taking advantage of it.

Cybersecurity and development teams can collaboratively use OSINT to examine if an app can be targeted by bad actors. Aside from relying on publicly available threat intelligence and cybersecurity frameworks like MITRE ATT&CK and OWASP Top 10, it is also possible to use open-source intelligence to examine potential threat exposures. Dev teams may be surprised to find that the open source components they used in the code have serious vulnerabilities.

One survey says that as much as 80 percent of software codebases contain at least one vulnerability. Many companies rely on codebases and open-source components for their apps, especially for mass-produced devices such as wearables and IoT gadgets. Using OSINT to avoid vulnerable open-source code, or to address existing security problems in code that has already been deployed, is a no-brainer.
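As an added illustration (not code from the original post), the sketch below matches a project's pinned dependencies against publicly published advisory data, which is the kind of check the paragraphs above describe. The package names, versions, and advisory ids are constructed, and the advisory layout is an assumed simplification of what public vulnerability databases publish.

```python
# Added example: package names, versions and advisory ids are constructed.

def parse_version(text):
    """Turn '2.10.0' into (2, 10, 0) so versions compare numerically,
    not as strings (as strings, '2.9.3' sorts after '2.10.0')."""
    return tuple(int(part) for part in text.split("."))

def parse_pins(manifest):
    """Yield (name, version) for each 'name==version' line."""
    for raw in manifest.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if "==" not in line:                  # unpinned entries cannot be matched
            continue
        name, version = line.split("==", 1)
        yield name.strip().lower(), version.strip()

def is_affected(version, ranges):
    """True if version lies in any [introduced, fixed) range; fixed=None means no fix yet."""
    v = parse_version(version)
    return any(v >= parse_version(lo) and (hi is None or v < parse_version(hi))
               for lo, hi in ranges)

def audit(manifest, advisories):
    """Return (package, pinned version, advisory id, first fixed version or None)."""
    findings = []
    for name, version in parse_pins(manifest):
        for adv in advisories:
            if adv["package"] != name or not is_affected(version, adv["ranges"]):
                continue
            fixes = [hi for _, hi in adv["ranges"]
                     if hi and parse_version(hi) > parse_version(version)]
            findings.append((name, version, adv["id"],
                             min(fixes, key=parse_version) if fixes else None))
    return findings

MANIFEST = """
# constructed manifest
examplehttp==2.9.3
exampleyaml==5.4.0   # already past the fixed release
exampletls==1.0.2
unpinned-lib>=1.0
"""

ADVISORIES = [  # constructed advisory feed
    {"id": "EXAMPLE-ADV-0001", "package": "examplehttp", "ranges": [("2.0.0", "2.10.0")]},
    {"id": "EXAMPLE-ADV-0002", "package": "exampleyaml", "ranges": [("3.0.0", "5.3.1")]},
    {"id": "EXAMPLE-ADV-0003", "package": "exampletls", "ranges": [("1.0.0", None)]},
]

if __name__ == "__main__":
    for finding in audit(MANIFEST, ADVISORIES):
        print(finding)
```

A finding whose last field is None has no fixed release in the feed, so the component needs replacing or a compensating control rather than an upgrade.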

Moreover, OSINT is useful in scanning the web for leaked or negligently exposed information associated with a specific development project. The theft of app passwords and secrets is not uncommon, nor is the careless embedding of passwords and keys in the code. Such sensitive data can be gathered by threat actors and sold on the deep and dark web. Fortunately, development and security teams can use OSINT to check if their development projects have such issues, so they can resolve them immediately.
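One way a team can look for the embedded passwords and keys mentioned above in its own files before they become publicly visible, shown as an added example that is not part of the original post. The rule set is a small assumed starting point, and every secret-looking value in the sample files is constructed.

```python
import re

# Added example: every "secret" in SAMPLE_FILES is constructed for illustration.
RULES = [
    ("aws-access-key-id", re.compile(r"\b(AKIA[0-9A-Z]{16})\b")),
    ("private-key-block",
     re.compile(r"(-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----)")),
    ("hardcoded-credential", re.compile(
        r"(?:password|passwd|secret|api_?key|token)\w*[\"']?\s*[:=]\s*"
        r"[\"']([^\"']{8,})[\"']", re.IGNORECASE)),
]
PLACEHOLDER_PREFIXES = ("${", "{{", "<")   # templated values, not real secrets

def redact(value):
    """Keep a short prefix so the finding is recognisable but not reusable."""
    return value[:4] + "*" * (len(value) - 4)

def scan(files):
    """files maps path -> text; returns (path, line number, rule, redacted value)."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for rule, pattern in RULES:
                for match in pattern.finditer(line):
                    value = match.group(1)
                    if value.startswith(PLACEHOLDER_PREFIXES):
                        continue   # value is injected at deploy time
                    findings.append((path, lineno, rule, redact(value)))
    return findings

SAMPLE_FILES = {   # constructed project files
    "app/settings.py":
        'DEBUG = False\nDB_PASSWORD = "s3cr3t-Xq9!vLp2"\nAPI_TOKEN = "${API_TOKEN}"\n',
    "deploy/config.json":
        '{\n  "region": "eu-west-1",\n  "access_key": "AKIAEXAMPLEEXAMPLE00"\n}\n',
    "README.md": "Set password via the PASSWORD environment variable.\n",
}

if __name__ == "__main__":
    for finding in scan(SAMPLE_FILES):
        print(finding)
```

Findings are redacted so the report itself does not become another copy of the secret; anything it flags should be rotated, not just deleted from the file.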

Creating great user experiences with OSINT
Building apps is not just about creating features and functions. It is also crucial to create intuitive user interfaces and pleasant user experiences. An app may have an abundance of sophisticated features, but if it lacks user-friendliness or ease of use, it is unlikely to attract users.

Creating excellent user experiences necessitates inputs from those who are expected to become the users of an app. It makes little sense to solely entrust it to developers, all of whom are highly tech-savvy and extremely familiar with a wide range of software interfaces. What they would consider intuitive may be too complicated for ordinary app users.

UI/UX best practices, guidelines, and usability frameworks are useful. However, they may not pertain to specific apps intended for a particular set of users. That's why it is necessary to collect data that corresponds to specific questions, concerns, and objectives.

With open source intelligence, organizations can gather various information from typical app users to get a good grasp of what they consider a great interface and app user experience. The information can come from various sources including social media posts, review websites, discussion boards, chats, and online articles. There are also guidelines or recommendations presented on the websites of government agencies.

An app does not have to be already publicly available to gather data or insights on how it can yield excellent user experiences. The information can be based on data gathered about similar or competing applications.

Ensuring feasibility or commercial success
With a full development team involved, an app development project is most likely commercial or profit-oriented. It is created for a specific purpose, which partly includes monetization or revenue generation. Pursuing commercial development projects without regard for feasibility or viability is out of the question.

With OSINT, app developers can examine publicly available data to better understand the target market, expected users, and competitors. These play a critical role in the success of an app project. It does not make sense to create something for which there is no demand, or to offer something users clamor for but with features and functions that do not meet their expectations.

One study on the feasibility of a mobile phone to promote a healthy lifestyle, for example, demonstrates how developers do not presume that an app is viable simply because it has a sensible or even an altruistic purpose. Developers who are serious about their work want to ascertain that their final product serves a purpose and generates revenue in the process. If they are building an app as commissioned by a business, they would want to make sure that their client is satisfied with the output and is having commercial success with it.

On the other hand, from the commercial perspective, apps need nuanced aesthetics, interface design, and user flow to subliminally guide users to using features that convince them to make a purchase or pay for an in-app transaction. Different kinds of apps have different approaches to maximizing profitability. These different approaches can be determined with the help of open-source intelligence.

In conclusion
Open source intelligence can be a powerful tool for app developers. By leveraging publicly available data, developers can gain valuable insights about their target users, the competitive landscape, and profitability. This can help them to make more informed development decisions that can improve their app's chances of success. It is also worth emphasizing that open-source intelligence is highly useful in ensuring that apps are free from vulnerabilities and security weaknesses.
