Litcius/Paper detail

Sigstore

Zachary Newman, John Speed Meyers, Santiago Torres-Arias

2022Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security40 citationsDOIOpen Access PDF

Abstract

Software supply chain compromises are on the rise. From the effects of XCodeGhost to SolarWinds, hackers have identified that targeting weak points in the supply chain allows them to compromise high-value targets such as U.S. government agencies and corporate targets such as Google and Microsoft. Software signing, a promising mitigation for many of these attacks, has seen limited adoption in open-source and enterprise ecosystems.

Topics & Concepts

CompromiseHackerSupply chainComputer securitySoftwareBusinessComputer scienceGovernment (linguistics)MarketingOperating systemSociologyPhilosophyLinguisticsSocial scienceBlockchain Technology Applications and SecurityAdvanced Malware Detection TechniquesCloud Data Security Solutions