Enterprise Cryptographic Services
Does this sound familiar? You are working at a company on a big project and are just about ready to move to production but need
Cryptographic Timestamping
What Time is it? In a previous post we mentioned the importance of using cryptographic timestamping to avoid issues related to expiring and, in some
Certificate Revocation – Challenges and Best Practices
Revoking a certificate invalidates a certificate before its scheduled expiration date. There are many reasons to revoke a certificate including, but not limited to, compromise
CA/Browser Forum Code Signing Requirements – New for 2023
Effective June 1st of this year, the new CA/Browser Forum code signing requirements go into effect. As a result, publicly trusted Certificate Authorities (CA) will
Secure Container Signing with Cosign and PKCS#11
Over the past few years container adoption has grown rapidly. With it has grown the need to sign container images to help prevent supply chain attacks. The standards and tools to sign images have evolved over the years, and can still be a bit tricky to navigate for those new to container signing. This post will provide a brief background on some of the tools and standards, the pros and cons of each, and some best practices to follow when signing in your environment.
Preventing the Next Package Manager Supply Chain Attack
Recently, the popular NPM package ua-parser-js was compromised by attackers. At least three malicious versions of the software were released by attackers with capabilities including