The Linux Foundation, the non-profit organization enabling innovation through open source, has announced a new service to improve the security of the software supply chain by enabling the easy adoption of cryptographic software signing.
Cryptographic software assurance backed by Google, Red Hat, Purdue U
The Linux Foundation, with the support of Google, Red Hat, and Purdue University, is launching a service called sigstore to help developers sign the code they release.
Signing code involves associating a cryptographic signature with a specific digital artifact – release files, container images, and binaries – so that the person using the software can check the code's signature to verify that the release is authentic and hasn't been altered by someone along the way. "Sigstore enables all open source communities to sign their software and combines provenance, integrity and discoverability to create a transparent and auditable software supply chain," said Luke Hinds, security engineering lead in Red Hat's office of the CTO, in a statement.
New free software signing service aims to strengthen open-source ecosystem - csoonline.com