A new Linux Foundation open source signing tool could make secure software supply chains universal
Sigstore could eliminate the headaches associated with current software signing technology through public ledgers. The Linux Foundation, in partnership with Red Hat, Google and Purdue University, has announced a new digital signing project, potentially eliminating many of the headaches that come with securing open source software, files, images and binaries. Called sigstore, the new cryptographic signing platform uses public logging similar to (but not the same as) cryptocurrencies and other blockchain technologies, the end result…
Read More