CyberNews Briefs

Linux Foundation Debuts Sigstore Project for Software Signing

Yesterday, the Linux Foundation announced that it was launching a new nonprofit initiative that seeks to improve open source software supply chain security called Sigstore. Sigstore’s primary purpose is to make it easier for developers to add cryptographic signing capabilities for different components of the software development process.

Linux also stated that Sigstore will be a free service offered to software providers and developers in order to improve the cybersecurity practices of supply chains associated with the development process. The providers can use Sigstore’s offerings to securely sign software artifacts such as release files, binaries, and container images. Signed materials are then sealed in a tamper-proof public log.

Read More: Linux Foundation Debuts Sigstore Project for Software Signing

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.