|
By SignMyCode
As the volume of software supply chain attacks continues to grow, organizations must increase controls over how they sign, store, and release code. DigiCert has launched two cloud-based solutions that help organizations both protect their private keys and improve the efficiency of their code signing operations: DigiCert KeyLocker and DigiCert Software Trust Manager.
|
By SignMyCode
Something big just happened in the cybersecurity world. And if you’re using OpenAI’s macOS apps… this affects you directly. OpenAI has rotated its macOS code-signing certificates after a supply chain attack quietly slipped into its workflow. No, your data wasn’t stolen. But yes, this is serious enough that every macOS user must update before May 8, 2026.
|
By SignMyCode
Microsoft is preparing a major change to Windows that could quietly reshape how security and compatibility are balanced across the entire ecosystem. Starting April 2026, Windows will begin blocking kernel drivers signed through the legacy cross-signed root program by default, replacing a decades-old trust model with a stricter, policy-driven approach centred on the Windows Hardware Compatibility Program (WHCP). This is more than a routine update.
|
By SignMyCode
With an ever-increasing demand for additional security from today’s technology platforms, Microsoft is implementing several new measures to build a more robust ecosystem by default.
|
By SignMyCode
OWASP (Open Web Application Security Project) is a non-profit organisation that has been in existence since 2001. Its mission is to educate (provide direction) webmasters and security professionals about how to create, buy, and keep secure, trusted software applications.” In simple terms, OWASP is a group of application security companies and experts that work collectively to develop a list of the most serious security threats to web applications.
|
By SignMyCode
Every day, thousands of developers unknowingly leave the keys to their company’s lying around… in code. It sounds crazy, right? But it happens more often than you think. A single hardcoded AWS access key, an overlooked database password, or an exposed API token on GitHub can be all it takes. And the result? Multi-million-dollar breaches, lost customer trust, and a brand reputation that takes years to rebuild. Hackers don’t need to break in when you leave the door wide open.
|
By SignMyCode
Code signing certificates changed from being stored in the form of plain files to being stored on hardware solutions such as USB tokens and HSMs. The shift was initiated by some industry giants and the CA/Browser Forum (CA/B Forum), which eventually led to stronger protection for private keys. This was done by ensuring that the certificates do not get easily extracted or misused. Three years after this event happened, there is going to be another major change.
|
By SignMyCode
Data breaches aren’t costing thousands anymore. They’re costing companies their reputation, their customers, and in many cases, their future. And here’s the part nobody tells you until it’s too late. It’s not always ransomware. It’s not always a missing patch. It’s not always some genius hacker breaking in through a zero-day exploit. It’s simply because someone gained access to the encryption keys.
|
By SignMyCode
You’re excited to install the latest update for your favourite app. You hit download, the installation runs smoothly, and everything looks fine until you realise the update wasn’t from the developer at all. It was tampered with. Your system is now quietly leaking data to an attacker.
|
By SignMyCode
A Hardware Security Module (HSM) is a tamper-proof device that has been built to generate, hold, and securely use cryptographic keys. With regard to Code Signing, an HSM guarantees that your private key (s) will remain inside a secure environment, without the ability for anyone else to take or abuse them in any manner. By doing this, the likelihood of your key being stolen, duplicated, or otherwise compromised is significantly reduced.
|
By SignMyCode
In today’s digital landscape, where data security is paramount, protecting your private keys, generating certificates, and managing secure connections is crucial. Microsoft Azure KeyVault offers a robust and reliable solution for handling these critical security aspects. Follow the Video to Manage your Keys and Code Signing Certificates on Microsoft Azure KeyVault. You can Buy Code Signing Certificates for Azure Key Vault to Digitally Sign your Executables and Packages.
|
By SignMyCode
Want an additional layer of security for your software or app? YubiKey is a hardware that offers safe authentication and encryption for creating and authenticating private keys. Private keys generated by YubiKey devices may be secured such that they never leave the device, making them impenetrable to hackers. Due to New CA/B, If you are using an existing token such as YubiKey (FIPS Series), then here is the quick and easy guide that will help you to generate private key, CSR and Attestation Certificate in YubiKey using YubiKey Manage.
|
By SignMyCode
Learn how to sign windows executables using YubiKey! Whenever you are individual software developer or a organization needs to publish software, code signing gets performed. It helps to build a trustworthy relationship with end-users, as signed software eliminates Unknown Publisher Warnings. According to new CA/Browser policies, every certificate owner needs to store the private key in a hardware token. And the token must align with FIPS standards. Otherwise, the certificate will not get issued.
|
By SignMyCode
Take a glance to discover about Code Signing Certificates highlighting its core architecture, process, features and role in enhancing software security to developers and software organizations!
|
By SignMyCode
Let your customers give authentication to assure customers that the file they are downloading is from the publisher that can be trusted. This is especially important for publishers who distribute their software through third-party download sites, which they may have no control over.
- April 2026 (3)
- February 2026 (4)
- January 2026 (4)
- December 2025 (1)
- November 2025 (3)
- October 2025 (3)
- September 2025 (6)
- August 2025 (6)
- July 2025 (6)
- June 2025 (3)
- May 2025 (3)
- April 2025 (8)
- March 2025 (7)
- February 2025 (4)
- January 2025 (1)
- December 2024 (2)
- November 2024 (2)
- October 2024 (2)
- September 2024 (1)
- August 2024 (4)
- July 2024 (1)
- June 2024 (11)
- May 2024 (10)
- April 2024 (6)
- March 2024 (4)
- February 2024 (8)
- January 2024 (7)
- December 2023 (6)
- November 2023 (3)
- October 2023 (2)
- September 2023 (1)
- August 2023 (8)
- July 2023 (11)
- June 2023 (5)
- May 2023 (17)
- April 2023 (8)
- March 2023 (10)
- February 2023 (8)
- January 2023 (10)
- December 2022 (12)
- November 2022 (12)
- October 2022 (11)
- September 2022 (9)
- August 2022 (2)
- January 2022 (3)
SignMyCode is a one-stop shop for an affordable and authentic code signing solution offering code signing certificates from reputed certificate authorities like Comodo & Sectigo for individual developers and software organizations aiming to keep your software, applications, scripts and executables tamper proof and safe from unauthorized access using digital signatures.
Types of Code Signing Certificates:
- EV Code Signing: Code Sign your software, scripts, executables, applications and instantly remove the notorious Microsoft SmartScreen Reputation Filter warning message that scares users.
- OV Code Signing: Digitally sign your software & executables and immediately remove unknown publisher warnings while showing your identity as a publisher name.
- Individual Code Signing: Individually code sign your software, scripts, and applications that help you get recognized as a genuine and verified software developer.