The Certificate Authority Security Council has released new Minimum Requirements for Code Signing for use by all certificate authorities (CAs). This represents the first-ever standard for code signing, and the advocacy group hopes the guidelines will improve web security by making it easier to verify software authenticity.
The new Minimum Requirements for the Issuance and Management of Publicly-Trusted Code Signing Certificates outlines specific steps CAs and individual software companies must perform to ensure code-signing certificates are not abused. It addresses “user concerns about the trustworthiness of signed objects and accurately identifying the software publisher,” the working group wrote in the requirements document.