
The SolarWinds security blunders have raised awareness of the importance of protecting software supply chains from unauthorized changes. Now, the Linux Foundation and partners have created a new free cryptographic software signing service to improve open-source program security.

A few months ago, if you'd asked someone what their biggest concern was about IT security, you would have received lots of different answers. Then SolarWinds catastrophically failed to secure its software supply chain, leading to what's been called IT's Pearl Harbor. Today, locking down your software supply chain has become job number one for all CSOs and CISOs who take their jobs seriously. To answer this call for open source, the Linux Foundation, along with Red Hat, Google, and Purdue University, has created the sigstore project.