An Industry Interview Study of Software Signing for Supply Chain Security
June 13, 2024, 4:20 a.m. | Kelechi G. Kalu, Tanya Singla, Chinenye Okafor, Santiago Torres-Arias, James C. Davis
Source: cs.CR updates on arXiv.org (arxiv.org)
Abstract: Many software products are composed by the recursive integration of components from other teams or external parties. Each additional link in a software product's supply chain increases the risk of the injection of malicious behavior. To improve supply chain provenance, many cybersecurity frameworks, standards, and regulations recommend the use of software signing. However, recent surveys and measurement studies have found that the adoption rate and quality of software signatures are low. These findings raise questions …