PKI Consortium blog
Posts by tag FIPS
Don’t ‘Compromise’ Your Code Amid Malware Mayhem
May 12, 2020 by Abul Salek (Sectigo)
CA/Browser Forum, Code Signing, EV, FIPS, HSM, Malware, Microsoft, Phishing, SSL/TLS
Code Signing Certificates command a price premium in the underground online marketplace. This is no surprise, considering that criminals sometimes use them to dupe their potential victims into installing malware on their machines.
Leading Certificate Authorities and Microsoft Introduce New Standards to Protect Consumers Online
December 8, 2016 by CA Security Council
CASC, Code Signing, FIPS, HSM, Identity, Malware, Microsoft, Revocation, SSL/TLS, TSA
San Francisco – December 8, 2016 – the Certificate Authority Security Council (CASC), an advocacy group committed to the advancement of web security, today announced the Code Signing Working Group has released new Minimum Requirements for Code Signing for use by all Certificate Authorities (CA). These requirements represent the first-ever standardized code signing guidelines. Code signing is the method of using a certificate-based digital signature to sign executables and scripts in order to verify the author’s identity and ensure that the code has not been changed or corrupted. Helping to verify software authenticity and avoid downloading malware and other malicious software is critical to protecting consumers’ online interactions. Microsoft is the first applications software vendor to adopt these guidelines, with others expected to follow.
Minimum Requirements for Code Signing Certificates
July 20, 2016 by Bruce Morton (Entrust)
CA/Browser Forum, CASC, Code Signing, FIPS, HSM, Malware, Microsoft, Revocation, TSA
It is time for an update on the Baseline Requirements for Code Signing.
First, the bad news: the new standard was not approved by the CA/Browser Forum due to philosophical differences among some forum members who felt code signing was not within the scope of the Forum’s charter.
The good news is the document was created in a multi-stakeholder environment and substantially improves the current management processes. As such, it was decided to bring the document outside of the forum and finalize it as part of the CA Security Council. The CASC members and others will continue to enhance and manage the document. Microsoft also supports the document and has added the requirement to use the new standard for code signing certificates by February 1, 2017.