Open source software tools and services are often created quickly and out of necessity. Linus Torvalds, for example, created the first version of git in a weekend when the Linux kernel team could no longer use BitKeeper for Source Control Management.

sigstore was created earlier this year to address the massive gap for an easy, trustable and efficient digital signing tool to confirm the provenance (origin) of software. Since March 2021 sigstore has been growing rapidly and is being used for various projects. This includes Kubernetes, one of the world’s largest open source projects.

But like Let’s Encrypt and the Linux Kernel, sigstore requires resources. Building the first version of the tool is different from bringing together resources to enable widespread adoption and support it for the long term. That’s why we’re excited to announce today that the project has received generous contributions from Chainguard, Cisco, HPE, Google, Red Hat and VMware to conduct an extensive security audit and hire a full-time developer relations engineer.

The reality is that today the majority of software isn’t digitally signed. Without signatures, there’s little evidence of the software’s provenance,  so most software consumed is cryptographically untrusted. With sigstore, developers can digitally sign containers, artifacts, config-as-code, policy, and any given computer file. sigstore has the potential of becoming to digital signing what Let’s Encrypt is to HTTPS.

“By working to eliminate the requirements for specialized skills in cryptography, sigstore is committed to establishing trust and transparency in the open source supply chain. Removing this exclusivity is key to increasing developers’ access to cryptographic signing and creating an open log for accountability. Red Hat is proud to support sigstore’s constant commitment to open source in the supply chain security space,” said Luke Hinds, Senior Principal Software Engineer, Red Hat.

Source

16 comments
  1. A large percentage of of whatever you mention is supprisingly accurate and it makes me ponder the reason why I hadn’t looked at this with this light before. This piece truly did switch the light on for me as far as this particular topic goes. However there is actually one position I am not necessarily too cozy with so while I make an effort to reconcile that with the main idea of your position, allow me see just what all the rest of the visitors have to say.Very well done.

  2. Wonderful blog! I found it while searching on Yahoo News. Do you have any suggestions on how to get listed in Yahoo News? I’ve been trying for a while but I never seem to get there! Thanks

  3. hi!,I love your writing so a lot! share we be in contact more approximately your post on AOL? I require a specialist in this house to solve my problem. Maybe that’s you! Looking forward to look you.

  4. Thank you, I have just been searching for info about this subject for a long time and yours is the best I have came upon so far. But, what in regards to the bottom line? Are you positive in regards to the source?

  5. Thanks for sharing superb informations. Your web site is very cool. I’m impressed by the details that you have on this website. It reveals how nicely you understand this subject. Bookmarked this website page, will come back for more articles. You, my friend, ROCK! I found just the information I already searched all over the place and simply could not come across. What an ideal web-site.

  6. Together with almost everything that appears to be developing within this particular subject matter, many of your opinions are quite stimulating. However, I am sorry, but I do not give credence to your entire idea, all be it stimulating none the less. It would seem to us that your commentary are not totally rationalized and in simple fact you are generally yourself not really fully convinced of the assertion. In any event I did appreciate reading through it.

  7. hi!,I really like your writing very so much! proportion we keep up a correspondence more approximately your article on AOL? I require an expert in this area to solve my problem. May be that is you! Having a look forward to see you.

  8. I discovered your blog site on google and check a few of your early posts. Continue to keep up the very good operate. I just additional up your RSS feed to my MSN News Reader. Seeking forward to reading more from you later on!…

  9. Hi there, just became alert to your blog through Google, and found that it is truly informative. I’m gonna watch out for brussels. I’ll be grateful if you continue this in future. Many people will be benefited from your writing. Cheers!

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Across the globe, Apple and its teams find new ways to give

The company’s Employee Giving program has raised over $880 million, with more…

Accelerating telco transformation in the era of AI

AI is redefining digital transformation for every industry, including telecommunications. Every operator’s…

New Cisco 800G Innovations Help to Supercharge the Internet for the Future

News Summary: Cisco’s new 28.8T / 36 x 800G line card, powered…

KPMG and Microsoft enter landmark agreement to put AI at the forefront of professional services

Multi-year cloud and AI alliance to supercharge the employee experience and accelerate…

Apple lands historic first Best Picture Oscar nomination for “CODA,”and secures six Academy Award nominations including Best Actor for Denzel Washington in “The Tragedy of Macbeth” and Best Supporting Actor for Troy Kotsur in “CODA”

CUPERTINO, CALIFORNIA Apple today made history, landing six Academy Award nominations in several…

New updates to ensure safer learning at school and at home

The Google for Education team continues to build education services with highly…

Samsung Electronics Introduces Standardized 5G NTN Modem Technology To Power Smartphone-Satellite Communication

Samsung Electronics, a world leader in advanced semiconductor technology, today announced that…

Introducing Google’s Secure AI Framework

The potential of AI, especially generative AI, is immense. However, in the…