Top Code Signing Risks (and How to Fix Them)
The top code signing risks in enterprise environments are blind signing, key exposure, pipeline compromise, lack of auditability, tool fragmentation, and the absence of a
The top code signing risks in enterprise environments are blind signing, key exposure, pipeline compromise, lack of auditability, tool fragmentation, and the absence of a
Code signing in a CI/CD pipeline is the process of cryptographically signing software artifacts as part of an automated build and release workflow. A traditional
Code signing is a cryptographic process that binds a digital signature to a software artifact using a private key tied to a verified identity. It
As we stand on the brink of a new era in cybersecurity, the threat posed by quantum computing is no longer a distant possibility, it’s
Post-Quantum Cryptography and the Future of Secure Code Signing Imagine a future where quantum computers can break the encryption that keeps our digital world secure.
Effective June 1st of this year, the new CA/Browser Forum code signing requirements go into effect. As a result, publicly trusted Certificate Authorities (CA) will
In this post, learn more about satisfying the requirements of three new frameworks for securing the software supply chain: Google’s SLSA Framework, Microsoft’s SCIM Framework, and CNCF’s Software Supply Chain Best Practices.
This post describes security controls that an enterprise can deploy to prevent and detect attackers who are attempting to insert malware into a software’s code base.
To ensure strong security, a code signing system must verify that the code being signed precisely matches the code in the repository. In this post, learn how to deploy such a system using a technique known as automated hash validation.
Businesses need a secure code signing system that doesn’t reduce the tempo of day-to-day operations. Learn how to design it in this post.