Article: A new Linux Foundation open source signing tool could make secure software supply chains universal

Free, Open Software, Open Source

A new Linux Foundation open source signing tool could make secure software supply chains universal

The Linux Foundation, in partnership with Red Hat, Google and Purdue University, has announced a new digital signing project, potentially eliminating many of the headaches that come with securing open source software, files, images and binaries.

Called sigstore, the new cryptographic signing platform uses public logging similar to (but not the same as) cryptocurrencies and other blockchain technologies, the end result of which eliminates many of the security risks associated with traditional digital signing technologies.

Read Full Article