Blog
Recent Posts
-
SignPath Raises €5M to Strengthen Software Supply Chain Security
Stefan Wenig, January 19, 2025
TIN Capital, a leading cybersecurity fund, joins us on our mission to deliver code integrity and secure software supply chains.
-
Building Trusted Software for macOS: A how-to guide for digital signing
Paul Savoie, November 29, 2024
To provide a great user experience, you must prevent annoying pop-ups and alerts by digitally signing your app to make it trusted by macOS.
-
From Implicit to Explicit: Why Code Signing is the Missing Link in DevSecOps
Paul Savoie, September 10, 2024
By eliminating complexity, SignPath delivers a robust and flexible mechanism that fits naturally in modern software supply chains
-
New year, new faces: SignPath expands the market going activities
Klaus Rathje, February 22, 2024
We will boost and expand our go-to-market activities. With this move, we also grow our leadership team.
-
Cybernews interview with our CEO: supply chains and code signing
Stefan Wenig, February 21, 2022
"You can spend millions of dollars for IT security and still become a victim of an attack on a supplier"
-
DP API Encryption Ineffective in Windows Containers
Marc Nimmerrichter, March 23, 2021
We discovered that DP API encryption in Windows containers is not secure
-
Experiences with Security Report Handling: The Good and the Bad
Daniel Ostovary, March 23, 2021
On the stark differences of reporting security vulnerabilities between major software vendors
-
Evaluating the Sunburst Hack: Causes and Future Prevention
Stefan Wenig, December 21, 2020
How hackers exploited one ISV's software to reach political targets - and how software industry practices need to improve
-
Unfulfilled Expectations: Revoked Certificates in JAR Signing
Daniel Ostovary, August 26, 2020
In April we became aware of a conceptual security issue in the JarSigner. The fix will be shipped with the release of JDK 15
-
On the Importance of Trust Validation: Microsoft's Dangerous Mistake
Daniel Ostovary, August 26, 2020
Our discovery of how Microsoft didn't verify the validity of timestamping certificates on VSIX packages
-
A White Hat Story: Analysis of Secure Variables in AppVeyor
Daniel Ostovary, December 13, 2019
We discovered that the encryption of AppVeyor secret variables is susceptible to Padding Oracle attacks.