Dark Reading

Linux Foundation Debuts Sigstore Project for Software Signing

The Linux Foundation today announced its launch of Sigstore, a new nonprofit initiative that aims to improve open source software supply chain security by making it easier for developers to adopt ...
Network World

Application whitelisting is a viable option when you can leverage software signing

Thirty years ago IBM launched the XT5160 — the first hard drive DOS-based PC. But the computer virus, nowadays so seemingly tied to the PC, actually appeared almost a decade earlier. It took until ...
VentureBeat

Free digital signing service aims to bolster software supply chain security

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More The bulk of code in today’s modern software artifacts is open-source in ...
TechCrunch

Sigstore launches free software signing and verification service for open source projects

Software supply chain quickly became a hot topic in the last few years, especially as the number of high-profile attacks increased and the White House got involved. Sigstore, an open source project ...
Dark Reading

8 Strategies for Enhancing Code Signing Security

The recent news that hackers had breached remote access solution company AnyDesk shined a harsh light on the need for companies to take a long, hard look at code-signing practices to help ensure a ...
CSOonline

New free software signing service aims to strengthen open-source ecosystem

The Linux Foundation's sigstore code-signing software, developed with Google, Red Hat and Purdue University, will help prevent attacks on the software supply chain. The Linux Foundation has launched a ...
InfoWorld

A new hope for software security

From package signing to SBOMs to new developer toolchains, the pieces for securing the software supply chain are starting to come together. The Log4j vulnerability in December 2021 spotlighted the ...