
Can SIGSTORE and Code Signing Save Us from Supply Chain Hacks

So, from NotPetya in 2017 to SolarWinds in 2020, one thing that we can all agree on is that the most devastating cyber-attacks have originated from supply chain hacks. Supply chain hacks are scary for several reasons. To start with, they do not require the use of commonly guarded attack vectors such as phishing, compromised credentials, or misconfiguration to get a foot in the door. They are pervasive because the malware and the backdoor exist inside code that looks and feels legit. And finally, there is no way to absolutely, positively stop them. Why? Because no matter how big of a software shop you are, you didn’t write ALL of your code. Virtually all code contains dependencies in the form of external libraries, and you implicitly trust not only your software vendors but their vendors as well, and so on. So, in this video, I want to deep dive into code signing, discuss the available software such as Sigstore, show you how it works, and finally share my thoughts on whether it’s sufficient to prevent supply chain hacks or not.

★★ WHO AM I ★★
https://bit.ly/3qZsCLm
twitter.com/AfaqMKhan

Video "Can SIGSTORE and Code Signing Save Us from Supply Chain Hacks" from the channel Technology Leadership
Video information
June 22, 2021, 11:28:06
00:07:50