This blip is not on the current edition of the Radar. If it was on one of the last few editions it is likely that it is still relevant. If the blip is older it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the RadarUnderstand more
TrialWorth pursuing. It is important to understand how to build up this capability. Enterprises should try this technology on a project that can handle the risk.
SSL public key pinning is tricky. If you select the wrong policy or don't have a backup pin, your application will stop working unexpectedly. This is where TrustKit is useful — it's an open-source framework that makes SSL public key pinning easier for iOS applications. There is an equivalent framework for Android as well. Picking the correct pinning strategy is a nuanced topic, and you can find more details about it in the TrustKit Getting Started guide. We've used TrustKit in several projects in production, and it has worked out well.