Works with Alexa Security Best Practices
Amazon recommends that developers implement all reasonable security measures to prevent unauthorized access to the Alexa service and your products. When you design your products for the Works with Alexa (WWA) certification program, keep security in mind and follow these security best practices.
Follows these guidelines to make sure that your products meet security best practices:
Use secure software update distribution, incorporating cryptographic signing, so that only authentic and authorized updates are applied to devices.
Have a software maintenance update strategy when vulnerabilities are identified. The strategy must specifically define how to create software updates and distribute the updates within a reasonable period of discovery of the vulnerability.
On your product website, include information about how security researchers can notify you of a security vulnerability.
Develop and implement a security response plan that addresses a range of potential security incidents.
Use a secure, authenticated set up. Never include the transmission of credentials over a non-TLS session during set up.
Implement industry standard device hardening methods. For example:
- Remove all unnecessary services and software from devices.
- Validate input before processing it in services on a device.
- Apply all relevant updates to open source software.
- Don't use default passwords.
Hire an independent security expert to conduct a security review of your product before product launches and when major software or hardware changes occur.
- Steps to Build a Smart Home Skill
- Smart Home Skill Publishing Guide
- Security Testing for an Alexa Skill
- AVS Security Requirements
Last updated: Jul 26, 2022