The efficiency of code signing as an authentication mechanism for software depends on the secure storage or code signing private keys used by software publishers. But a series of recent malware attacks using malicious programs signed with legitimate certificates shows that some developers don’t take sufficient precaution.
This paper describes recent security breaches and why they may have happened. It discusses best practices, especially for the Windows platform, which can help to safeguard the private keys associated with code signing certificates.
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines