Misuse of X.509 Certificates & Keys Involved in SolarWinds Attack

This article discusses the misuse of X.509 certificates and keys in the SolarWinds attack and how Cryptomathic CKMS and CSG could help protect against such attacks.

The SolarWinds attack and best practices for code-signing

Since the announcement of the SolarWinds supply chain attack, CrowdStrike, FireEye (with additional details), Microsoft, Symantec, SolarWinds, and many others have analyzed it intensively to understand how it worked, both within SolarWinds and in the targeted networks. Here we focus on the code signing procedures, which seemingly failed at SolarWinds but likely could have mitigated the risk of the attack if they had been implemented and enforced to a higher standard.

Enterprise-grade code signing: Securing the Signing Process

This article outlines the importance of code signing and describes a centralized approach for securing and streamlining the code signing process through technical and procedural enhancements.

Achieving Software Integrity Through Centralized Code Signing

The phrase “…Software is eating the world.” was famously used by Marc Andreessen in a WSJ article in 2011. It is now 2019 and one could argue that software has successfully eaten the world.
