Misuse of X.509 Certificates & Keys Involved in SolarWinds Attack

This article discusses the misuse of X.509 certificates and keys in the SolarWinds attack and how Cryptomathic CKMS and CSG could help protect against such attacks.

The SolarWinds attack and best practices for code-signing

Since the announcement of the SolarWinds supply chain attack, CrowdStrike, FireEye (with additional details), Microsoft, Symantec, SolarWinds, and many others have analyzed it intensively to understand the attack’s workings both within SolarWinds and in the targeted networks. Here we focus on the code signing procedures, which seemingly failed at SolarWinds but likely could have mitigated the risk of the attack if they had been implemented and enforced to a higher standard.

Achieving Software Integrity Through Centralized Code Signing

The phrase “…Software is eating the world.” was famously used by Marc Andreessen in a WSJ article in 2011. It is now 2020, and one could argue that software has successfully eaten the world.

Enterprise-grade code signing: Securing the Signing Process

This article outlines the importance of code signing and describes a centralized approach for securing and streamlining the code signing process through technical and procedural enhancements.