Loading…
Attending this event?
Saturday, March 28 • 9:30am - 10:00am
How to Use Code Signing to Protect your Critical Software Infrastructure

Sign up or log in to save this to your schedule and see who's attending!

Log in to leave feedback.


Nearly every business today is a software business. Either software is delivered as a product to customers, or it is used internally for critical business operations. Internally used software could be as simple as operating system shell scripts that copy databases or automate network operations, or as complex as enterprise-wide business infrastructure like accounting or CRM systems. If unauthorized changes are made to this software, either deliberately by a bad actor, or accidentally through employee mistake, there could be severe consequences for the business. 

Code signing has been used for 3 decades to prevent cybercriminals from tampering with delivered software. It’s been an effective technique – so much so that cybercriminals now steal code signing keys to thwart the process.  

Even though many businesses use code signing to prevent tampering with software that they deliver to their customers, many may not use it to protect their internal software infrastructure. Usually this is because it is just too difficult to support the volume of people who need to code sign, too risky to provide this many people with private code signing keys, or there is a lack of PKI expertise in the groups responsible for building software infrastructure. 

In this session we will examine the risks of not signing internal software infrastructure code and the common challenges that businesses face when trying to roll out code signing to large audiences. We will provide best practices for how to effectively do this which is convenient for end users as well as satisfies the needs of the security team.

Zoom link: https://zoom.us/j/266304316

Speakers
avatar for Eddie Glenn

Eddie Glenn

Senior Threat Intelligence Manager, Venafi, Inc
Eddie Glenn is the senior threat intelligence manager at Venafi and is responsible for researching the risks and threats of code signing and endpoint infrastructure. Eddie has more than 30 years of experience in enterprise software at companies such as IBM, Rational, and Wind River... Read More →


Saturday March 28, 2020 9:30am - 10:00am
'Connect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA

Attendees (28)