VentureBeat

Free digital signing service aims to bolster software supply chain security

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More The bulk of code in today’s modern software artifacts is open-source in ...
Dark Reading

Linux Foundation Debuts Sigstore Project for Software Signing

The Linux Foundation today announced its launch of Sigstore, a new nonprofit initiative that aims to improve open source software supply chain security by making it easier for developers to adopt ...
ZDNet

Linux Foundation announces new open-source software signing service

The just-announced sigstore aims to improve the security of the software supply chain by enabling the easy adoption of cryptographic software signing backed by transparency log technologies. It will ...
CSOonline

New free software signing service aims to strengthen open-source ecosystem

The Linux Foundation's sigstore code-signing software, developed with Google, Red Hat and Purdue University, will help prevent attacks on the software supply chain. The Linux Foundation has launched a ...
CSOonline

Sigstore explained: How it helps secure the software supply chain

Notable incidents such as SolarWinds and Log4j have placed a focus on software supply chain security. They have also sent security teams in search of tools to ensure the integrity of software from ...
Dark Reading

8 Strategies for Enhancing Code Signing Security

The recent news that hackers had breached remote access solution company AnyDesk shined a harsh light on the need for companies to take a long, hard look at code-signing practices to help ensure a ...
InfoWorld

A new hope for software security

From package signing to SBOMs to new developer toolchains, the pieces for securing the software supply chain are starting to come together. The Log4j vulnerability in December 2021 spotlighted the ...