The SolarWinds Tipping Point
What makes the SolarWinds attack so astonishing is its scale. The infected Orion software was sold to more than 33,000 customers. Sunburst, the aptly named malicious code, was distributed to as many as 18,000 organizations. For months, this Trojan Horse sat inside the firewalled networks of tens of thousands of unsuspecting businesses and government agencies.
Signing software is important in and of itself, but it is all too easy to overlook the management of signing policies and practices, and that is where the exploitable security gaps appear. When it comes to software security, the choice is binary: you can follow best practices, or you can leave your supply chain open to attack.
Implementing code signing best practices will help to ensure that signing isn’t the weak link in your supply chain. And, if implemented correctly, code signing can also help to prevent malware injection.