Code signing is a critical step in the process of building and protecting software—but many developer and engineering teams struggle with implementing consistent signing practices, largely because there’s a misconception that signing that interferes with the time-to-market goals of agile development practices.

This guide will help you formulate a strategy that combines software, process, and policy to achieve end-to-end security in your signing practices. To create this guide, we surveyed and interviewed dozens of DevOps experts, team leads, and software security professionals. Hailing from organizations of different sizes, industries, and geographies, these experts helped us build a useful signing baseline that can be applied to virtually any software development team in any organization.