'Sigstore: Software Signing For Everybody' has been published in the proceedings of the ACM Computer and Communications Security Conference

Sigstore: Software Signing for Everybody has been published at the 2022 ACM Computer and Communications Security (CCS) conference in Los Angeles, CA, an academic computer security conference, featuring publications from research universities around the world and industry labs at organizations like Google, Microsoft, Meta, and Amazon. This peer-reviewed research paper describes Sigstore, its security model, some data about its usage, and potential applications and is freely available under a CC-BY 4.

Sigstore November Roundup

Sigstore GA: Sigstore is excited to announce General Availability (GA) for the Rekor transparency log and Fulcio certificate authority public benefit services! The community has been working hard all year to accomplish this milestone, and we are thrilled that open source communities can now confidently rely on Sigstore for production-grade stable services for artifact signing and verification. Read the full post by the Technical Steering Committee.

SigstoreCon Recap: SigstoreCon on October 25 in Detroit was Sigstore’s first-ever event and we’re so happy to say that it was a success!

Security by Default: How Verizon New Business Incubation Uses Sigstore to Demonstrate Provenance and Improve Customer Confidence

This is a Sigstore case study contributed by Aaron Bacchi of Verizon.

When people think of 5G networks, they typically think solely of the speed and bandwidth that distinguishes the 5G network from its predecessors. However, the real story is the innumerable applications and use cases that 5G makes possible. 5G technology can help entrepreneurs and enterprises create a host of new possibilities in the form of smart spaces — cities, buildings, and homes — where high-speed wireless connectivity, combined with robotics and automation tools, can transform the world we live in and the way we live in it.

Sigstore Announces General Availability for Rekor and Fulcio

Sigstore is excited to announce general availability (GA) for the Rekor transparency log and Fulcio certificate authority public benefit services! The community has been working hard all year to accomplish this milestone, and we are thrilled that open source communities can now confidently rely on Sigstore for production-grade stable services for artifact signing and verification. While the Sigstore community has maintained a public instance since early 2021, the services were operated on a best-effort basis and maintainers periodically had to make breaking changes or reset data.

Sigstore Proves That Effective Supply Chain Security Doesn’t Have to Hurt

This is a Sigstore case study contributed by Brandon Gulla, CTO at Rancher Government Solutions.

Traditionally, everyone in IT assumed good security had to hurt a little bit. If it didn’t hurt, security wasn’t strong enough. But computing trends in software supply chains have shifted in recent years, moving toward centralized development and software factories. When you have that common infrastructure throughout the organization, you can isolate a lot of that pain within the process — without too much developer interaction and disruption.