New free software signing service aims to strengthen open-source ecosystem

March 9, 2021

The Linux Foundation has launched a free service that software developers can use to digitally sign their releases and other software artifacts. The project aims to strengthen the security and auditability of the open-source software supply chain, which has faced an unprecedented number of attacks in recent years.

The code behind the new service, called sigstore, was developed in partnership with Google, Red Hat and Purdue University, and will be maintained by the community going forward. All signatures and signing events will be stored in a tamper-resistant public log that can be monitored to discover potential abuse.

Read More on CSO Online