A Weather Report On Security

A Weather Report On Security

How’s the weather outside? Sunny with a chance of IP blocking.

We recently launched a new initiative we’re calling: The Weather Repo. The goal of the project is for organizations to have a more accurate method of understanding whether the apps they’re using are “safe”. It’s hard to know whether apps that claim to be secure really are. Have they been vetted by a third party? Are there existing case studies? Has a threat analysis been performed?


We’ve been developing an app store recommendation engine for circumvention tools. One that is backed by better, more open metadata; and interfacing with better, more open repositories. The “better, more open metadata” endeavor is now being pursued by a coalition led by the Open Integrity Initiative. As founding members of the group supporting this initiative, we’ve been working closely to develop tools based on the research and metadata frameworks that they’re contributing. Metadata will be culled from other sources to supplement this approach and allow for a comprehensive scan of the entire app ecosystem.

The success of the project mainly lays in the fact that the crucial groundwork has been laid for our goal of helping organizations make sense of whether the tools they’re using are “safe” or not. We’ve created an API allowing any organization to take our lessons as well as information and apply it. The growing number of efforts in the security and privacy space, as well as our own goal of a publicly facing “app bazaar” are not possible without groundwork such as this and we’re proud to have been able to produce it.

Our finished API is now documented at http://weatherrepo.com/api . We put up a blog to post about the project and updates of news and events, available at http://blog.weatherrepo.com

We’re extremely interested in the concept of human unit testing and want to make sure that our apps, and the greater set of tools that are out there helping the world, are both usable and that users have the digital literacy to understand how they’re being protected by them and how not. Now that our API is finished, we’re seeding our database with content according to our original set of research questions. And we’re asking for YOUR help. Please go to http://weatherrepo.com/report and add details about the tools that you use and/or make. Let’s populate this database together and make the world a more obviously and honestly secure place!