Sign & Verify! How code signing secures the software supply chain

Some fast facts from Gartner:

  • By 2025, 45% of organizations will have experienced attacks on their software supply chains, tripling the numbers from 2021.
  • Half of existing supply-chain attacks are attributed to APTs or well-known attackers.

Digital transformation enables enterprises of all sizes to provide value to their customers in a fast and consistent manner. One crucial consideration of that transformation is the automation and security of software development and deployment (CI/CD) pipelines. These environments present a unique challenge to enterprise security and engineering teams, but code signing technology can help secure your software supply chain from end to end.

In this AMA session, we’ll discuss the role code signing plays in securing the software supply chain from cybercriminals, including guidance on signing and verification as baseline security requirements. The conversation will be based on top industry documentation, including NIST SP 800-218, NIST SP 800-190, the CNCF Cloud Native Security whitepaper, CNCF Security Best Practices for Software Supply Chain, CIS guidance on Software Supply Chain, and OWASP SAMM.