In the race for speed and automation, code signing is treated as a silver bullet when it should be just one part of a deeper trust strategy.
DigiCert Allies With ReversingLabs to Secure Software Supply Chains
DigiCert today announced it has allied with ReversingLabs to integrate binary analysis and threat detection capabilities with a code signing service it provides. Deepika Chauhan, chief product officer for DigiCert, said the addition of these capabilities to the DigiCert Software Trust Manager service would make it simpler for organizations to operationalize a methodology for securing […]
Chainguard Adds Private Edition of Code Signing Platform
Chainguard today added a private preview of a Chainguard Enforce Signing service, enabled by the open source Sigstore project, that allows developers to generate digital signatures for software artifacts using identities and one-time-use keys they create themselves. Kim Lewandowski, head of product for Chainguard, said Chainguard Enforce Signing provides an alternative to relying on a […]
Cisco Adds Open Source Tool to Validate Serverless Functions
Cisco has launched an open source project, dubbed FunctionClarity, that makes it possible to verify signatures before code is deployed in a serverless computing environment. Vijoy Pandey, vice president of emerging technologies and incubation at Cisco, said that one of the application security issues that has emerged in serverless computing environments is the lack of […]
Sigstore Code Signing Service Becomes Generally Available
A free digital signing service for software created by the Sigstore open source community has become generally available this week via the cloud. Announced at the SigstoreCon event that occurred during the KubeCon + CloudNativeCon North America conference, the cloud service makes it possible for developers to both cryptographically sign artifacts and verify that the […]
Securely Streamline Code Signing for DevOps and DevSecOps
Introducing code-signing provides security within the application, but teams should take care to understand and implement the process effectively Digital certificate management, with hundreds or thousands of certificates required to support IT infrastructure, can easily lead to degradation of application integrity and unnecessary risk to the business. The cumbersome nature of siloed teams manually managing […]