Article: Linux Foundation sigstore finds ‘origins’ in software supply chains

Cures, Drugs, Open Health, Procedures (Medical)

Zuellig Pharma’s eZTracker leverages blockchain to help countries get up to speed with their vaccination programmes and to counter the threat of counterfeit vaccines. Take a peek behind the curtain and learn how the smartphone app, powered by SAP’s blockchain platform, lets consumers verify the authenticity of a drug.

Designed to improve the security of the software supply chain, sigstore is said to enable the adoption of cryptographic software signing backed by transparency log technologies. Software application development professionals will be able to securely sign software artifacts such as release files, container images and binaries.

Article: A new Linux Foundation open source signing tool could make secure software supply chains universal

Free, Open Software, Open Source

The Linux Foundation, in partnership with Red Hat, Google and Purdue University, has announced a new digital signing project, potentially eliminating many of the headaches that come with securing open source software, files, images and binaries.

Called sigstore, the new cryptographic signing platform uses public logging similar to (but not the same as) cryptocurrencies and other blockchain technologies, the end result of which eliminates many of the security risks associated with traditional digital signing technologies.
