Code signing - simple & secure (and free for Open Source)

Joined July 2017
Cybernews interview with our CEO about code signing and how it relates to software supply chains and current cyber threats cybernews.com/security/stefa…

More on Sunburst: what can we do to prevent this kind of supply chain attack in the future? about.signpath.io/blog/2020/… Reviews, secure build chains... and SignPath, maybe, to make sure reviews and security are in place before code signing.

Most in-depth SunBurst analysis we've seen so far: blog.reversinglabs.com/blog/… Build systems and code signing are primary targets for supply chain attacks, allowing hackers to "evade millions of dollars of security investment" at their eventual targets. 1/4
It has happened before, and we've been warned it would only get worse: microsoft.com/security/blog/… 3/4

Connecting build systems to HSMs is not enough, nor are specialized HSM proxies dressed up as code signing solutions. We need policy management & enforcement, airtight & verifiable integration from source code to build to signing. That's what we do. 4/4
While SignPath can help with driver cross-signing, attestation *and* HLK signing, customers express concern about consequences of Microsoft dropping cross-signing for good osr.com/blog/2020/10/15/micr… via @OSRDrivers /cc @vcsjones @clairernovotny

Let's get all that great OSS code signed, shall we?
These folks have been providing the #GitExtensions project with a cert for the past year, and have extended their support for another 3! Totally recommend them
SignPath.io retweeted
Big thanks to @SignPathIO and @paul__savoie - the MSBuild Log Viewer installer is now signed! SignPath is generously providing a certificate for my open source project. Hope the install experience will be less painful now.