loader gif

Most code-signing processes insecure, study shows

Most code-signing processes insecure, study shows (Trends, Reports, Analysis)

Join CW+ Although half of businesses are concerned that cyber criminals are using code-signing certificates as an attack method, few actually enforce the security policies that could thwart them, a study by machine identify protection provider Venafi shows. On average, only 28% of organisations globally consistently enforce a defined security process for code-signing certificates, but this figure drops to 14% in Europe, according to a poll of more than 320 security professionals in the US, Canada and Europe. “Secure code-signing processes enable apps, updates and open source software to run safely, but if they’re not protected, attackers can turn them into powerful cyber weapons,” he said, adding that code signing certificates were the key reason Stuxnet and ShadowHammer were so successful. “If you’re building code, deploying containers, or running in the cloud, you need to get serious about the security of your code signing processes to protect your business,” he said.

loader gif