Profound and timely advice from the World Economic Forum on the need to ensure trust in digital technologies (Read More link below). App store owners are best positioned to serve, and need to become, ardent stewards of trust for the majority of commercial consumer software. This will require changes to their operations and agreements to apply common criteria and methods to evaluate trust and a consistent method to communicate trustworthiness of apps across app stores, using an approach similar to how FICO credit scoring is performed in the US, using a common methodology expressing trustworthiness scores that applies NIST consumer software labeling recommendations. Some US States have taken this matter into their own hands by banning certain apps or vendors from use within State government agencies and devices.
Timely information sharing is also critically important to improve consumer awareness of risky software. A "Trust Registry" similar to the work underway within the IETF Supply Chain Integrity, Transparency and Trust (SCITT) work group can significantly improve consumer visibility into the trustworthiness of software apps. Software supply chain risk management best practices, such as NIST SP 800-161 and other NIST Guidance can help establish consistent methods to communicate risk, such as SBOM's and SBOM Vulnerability Disclosure Reports (VDR).