Neowin

Sigstore is a Linux Foundation project developed by Google and Red Hat for code signing

Sigstore is a new Linux Foundation project described as "Let's Encrypt for Code Signing". The tool is developed by Google, Red Hat, and Smallstep, and is designed to offer better provenance for code.
Bleeping Computer

Latest Code-signing news

Microsoft Defender is detecting legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, resulting in widespread false-positive alerts, and in some ...
CSOonline

New free software signing service aims to strengthen open-source ecosystem

The Linux Foundation's sigstore code-signing software, developed with Google, Red Hat and Purdue University, will help prevent attacks on the software supply chain. The Linux Foundation has launched a ...
Forbes

Code Signing: Did Someone Hijack Your Software?

Imagine that, for whatever reason, you hear you’re the target of an elite cyber-mafia. You don’t take it seriously until you’re driving down the freeway and suspect someone has tampered with your ...