Securing Software Distribution with Digital Code Signing

Posted by on October 16, 2013 1 comment

Share:

Code signing certificates from publicly trusted Certification Authorities (CAs) fulfill a vital need for authentication of software distributed over the Internet in our interconnected world. As the commonly referred to “Internet of things” continues to grow, consumers have access to millions of applications for their desktops, laptops, and mobile devices. Creative software engineers provide us with applications to cover any of our potential needs or interests. Cybercriminals and others with malicious intent recognize this as an opportunity and seek to trick us into installing malicious software (malware) — programs that hijack our computers, steal our money, or try to inflict harm.

Code signing certificates play a key role in helping users identify authentic software code from reputable publishers and receive the assurance that the code has not been tampered with beforehand. Effectively, code signing certificates help create a “digital shrinkwrap” on the software. Not only do users benefit because the digital signature identifies the source of the code, but software publishers are also able to protect and safeguard the integrity of their brand.

The CASC is starting an initiative to add information regarding code signing to our website. The use of code signing certificates is not as popular as using SSL certificates, but the risk might be greater.

To start the initiative off, we have created a white paper. This paper provides an overview of code signing, some configuration choices, and best practices. Please note that the white paper is introductory and the user of the code signing certificate will have to understand what options are supported in his environment.

In the future, the CASC will discuss code signing problems, solutions and industry new developments.

  • http://www.esolutions.net.in Digital Signature Certificate

    Thanks for sharing your views. Great blog here Securing Software Distribution with Digital Code Signing.. It’s hard to find quality writing like yours these days. I really appreciate people like you. I would like to thank for the efforts you have put in writing this blog. I am hoping the same high-grade blog post from you in the upcoming days as well. A web designer must be very knowledgeable.