Enterprises running a tight ship on security should know what code they trust. On the other hand, they should also be well aware of code they don’t trust. But how can they do this seamlessly without it being a burden on resources? Enter code signing.
Several operational inefficiencies lead to poor code signing processes: decentralized control, lack of policy enforcement around access rights, poor visibility, and insufficient expertise surrounding systems. Keeping these poor habits top of mind is critical to ensuring you set up a secure, scalable code-signing ecosystem, says Jing Xie, senior threat intelligence researcher at Venafi.
“The importance of code identity is just as important as that of the identity of a web server on the internet,” Xie told InfoSec Insider during a recent video interview shot at the InfoSec World Conference & Expo.
In the full video interview below, Xie provides us with a breakdown of the four poor practices and also shares what a healthy code signing ecosystem looks like.