Tag: attestation

  • Signatures, Key Management, and Trust in Software Supply Chains – Part 2: Exploiting Signatures

    In Part 1 of the series Signatures, Key Management, and Trust in Software Supply Chains, I wrote about the basic concepts of identities, signatures, and attestation. In this one, I will expand on the house-buying scenario that I hinted at in Part 1 and will describe a few ways to exploit it in the…

  • Signatures, Key Management, and Trust in Software Supply Chains – Part 1: Identities, Signatures and Attestation

    For the past few months, I’ve been working on a project for a secure software supply chain, and one topic that always seems to start passionate discussions is software signatures. The President’s Executive Order on Improving the Nation’s Cybersecurity (EO) is a pivotal point for the industry. One of the requirements is for vendors…