Code Signing: A Security Control that Isn’t Secured

By Marcos Colon

Enterprises running a tight ship on security should know what code they trust. They should also be well aware of the code they don’t trust. But how can they do this seamlessly without it becoming a burden on resources? Enter code signing.

Among the operational inefficiencies that cause problems, decentralized control, lack of policy enforcement around access rights, poor visibility, and insufficient expertise surrounding systems lead to poor code signing processes. Keeping these poor habits top of mind is critical to setting up a secure, scalable code-signing ecosystem, says Jing Xie, senior threat intelligence researcher at Venafi.

“The importance of code identity is just as important as that of the identity of a web server on the internet,” Xie told InfoSec Insider during a recent video interview shot at the InfoSec World Conference & Expo.

In the full video interview below, Xie provides us with a breakdown of the four poor practices and also shares what a healthy code signing ecosystem looks like.
