.jpg.aspx "TechDogs-\"Keyfactor Signum Strengthens Software Supply Chain Security Without Slowing Productivity\"")
Software Development
Keyfactor Signum Strengthens Software Supply Chain Security Without Slowing Productivity
By Business Wire
.png?ext=.png "Business Wire")
Share
New service allows developers to use native signing tools for easy, secure code signing
CLEVELAND--(BUSINESS WIRE)--Keyfactor, the machine and IoT identity platform for modern enterprises, today announced the launch of Keyfactor Signum, a new code signing as-a-service platform that makes it easy for developers to sign code and containers in a secure way, without disrupting productivity.Organizations today face persistent software supply chain attacks that compromise application development pipelines, IT scripts, macros, and more. Code signing keys are high-value targets for attackers that seek to steal and compromise keys to sign malicious code disguised as trusted software. Shortcuts in the signing process often lead to sensitive keys being left exposed on build servers or developer workstations. Understanding who signed which code and in what context is critical to prevent attacks.
Keyfactor Signum solves these challenges by providing security teams with protection for code signing keys, backed by an HSM and granular signing policies, while allowing developers to leverage the same native signing tools they currently use.
The CA/B Forum has issued requirements that stipulate private keys for EV code signing certificates be generated and protected in a compliant hardware crypto module. “Recent changes made by the CA/B Forum, which are scheduled to go into effect in the next 12 months, mean that organizations are required to generate and store code signing keys in a cryptographic module," said Ben Dewberry, Product Manager Signing & Key Management, Keyfactor. "Keyfactor Signum makes it easy to comply with these new requirements, without causing any disruption to developers that need to move quickly."
Keyfactor Signum is a SaaS solution hosted and managed by Keyfactor in the cloud. Key features and benefits include:
- Integrate with Native Tools: Keyfactor Signum integrates natively with popular signing tools like Microsoft SignTool, OpenSSL, and Jarsigner via the KSP interface for Windows and PKCS11 interface for Linux, making it transparent to developers.
- Secure Key Storage: Sensitive signing keys are generated and stored in HSM to ensure the highest level of protection and comply with CA/B Forum Extended Validation code signing certificate requirements.
- Policy and Governance: A simple web interface makes it easy to define who can sign what, when, and where, with complete auditability of all signing activities.
- Authentication: Only authorized developers and admins can sign code and manage signing policies via integration with Identity Providers, making it easy to deploy rapidly throughout the organization.
To learn more about Keyfactor Signum, click here.
Here's another interesting article on Introduction To Software Development
About Keyfactor
Keyfactor is the machine and IoT identity platform for modern enterprises. The company helps security teams manage cryptography as critical infrastructure by simplifying PKI, automating certificate lifecycle management, and enabling crypto-agility at scale. Companies trust Keyfactor to secure every digital key and certificate for multi-cloud enterprises, DevOps, and embedded IoT security.
Contacts
Press
Jake Schuster
fama PR for Keyfactor
E: keyfactor@famapr.com
Like what you read? Head to the TechDogs homepage to find the latest tech content infused with drama and entertainment. We've got Articles, White Papers, Case Studies, Reports, Videos and Events - the complete lot to help you Know Your World of Technology.
First published on Tue, Oct 11, 2022
Enjoyed what you've read so far? Great news - there's more to explore!
Stay up to date with the latest news, a vast collection of tech articles including introductory guides, product reviews, trends and more, thought-provoking interviews, hottest AI blogs and entertaining tech memes.
Plus, get access to branded insights such as informative white papers, intriguing case studies, in-depth reports, enlightening videos and exciting events and webinars from industry-leading global brands.
Dive into TechDogs' treasure trove today and Know Your World of technology!
Disclaimer - Reference to any specific product, software or entity does not constitute an endorsement or recommendation by TechDogs nor should any data or content published be relied upon. The views expressed by TechDogs' members and guests are their own and their appearance on our site does not imply an endorsement of them or any entity they represent. Views and opinions expressed by TechDogs' Authors are those of the Authors and do not necessarily reflect the view of TechDogs or any of its officials. While we aim to provide valuable and helpful information, some content on TechDogs' site may not have been thoroughly reviewed for every detail or aspect. We encourage users to verify any information independently where necessary.
Trending Business Wire
Mirrorweb Unveils Sentinel - Intelligent Communications Supervision Solution That Cuts False Positives By 90%
By Business Wire
Procurify Welcomes Microsofts Zia Mansoor To Board For AI Strategy Acceleration And Product Innovation
By Business Wire
Rain Technology Showcases Next-Generation Embedded Switchable Privacy At Display Week 2025
By Business Wire
Realtime Robotics Launches Resolver To Speed The Design, Deployment And Optimization Of Robotic Workcells
By Business Wire
Siemens Introduces AI Agents For Industrial Automation
By Business Wire
Join Our Newsletter
Get weekly news, engaging articles, and career tips-all free!
By subscribing to our newsletter, you're cool with our terms and conditions and agree to our Privacy Policy.
Join The Discussion