MacStadium announced that it has obtained Cloud Security Alliance (CSA) Security, Trust & Assurance Registry (STAR) Level 1, meaning that MacStadium has publicly documented its compliance with CSA’s Cloud Controls Matrix (CCM), and that it joined the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.
AppViewX launched AppViewX SIGN+, a flexible and secure code signing solution that enables DevOps teams to quickly and easily secure their software supply chain.
With multiple deployment options, including code signing as a service, AppViewX SIGN+ seamlessly integrates into DevOps processes to enable frictionless code signing to validate the integrity of software applications and their components.
“The recent CA/Browser (CA/B) Forum requirements for code signing certificates and keys to be stored on secure hardware are in direct response to increasing threats targeting weak code signing processes and critical software supply chain vulnerabilities,” said Ravishankar Chamarajnagar, Chief Product Officer at AppViewX. “Code-signing certificates and keys have become high-value targets for attackers, as evidenced in the SolarWinds compromise. With AppViewX SIGN+, we are offering a fully compliant code signing solution that allows developers to easily sign code, maintain speed and agility, and prove the integrity, validity, and security of code throughout the software development lifecycle.”
Using a centralized and integrated approach, AppViewX SIGN+ simplifies and secures code signing for source code, binaries, containers, and firmware. AppViewX SIGN+ integrates with native signing tools, CI/CD pipelines and workflows to ensure all code is signed before deployment, and meets security and compliance requirements. It also provides full visibility and policy-driven control over private key storage, code-signing certificate management, and access.
AppViewX SIGN+ provides the following capabilities and benefits:
Secure and Protected Code Signing
- Supports private and public code signing certificates for both internal and external use cases
- CA/B Forum compliant private key protection – FIPS 140-2 (and higher) certified HSMs
- Timestamping to support long-term validation of signatures
- Supports all standard asymmetric cryptographic algorithms (RSA, ECDSA, and DSA) and is Post-Quantum Cryptography ready
Seamless and Flexible Deployment and Integrations
- Deployment options include on-premises and SaaS offerings for enterprise DevOps teams and outsourced development operations
- Integration with native signing tools and CI/CD pipelines to integrate code signing in build processes
- Option to upload and sign code in the AppViewX SIGN+ console
Code Signing Policy and Access Control
- Centralized control of code signing certificates and private keys
- Role-based access control and policy-controlled signing to enforce user permissions, authorization, and key protection
- Visibility into signing events including usage, signing and audit trails
With flexible deployment and integration options, AppViewX SIGN+ is available now and is part of the AppViewX Digital Trust Platform that includes AppViewX CERT+, AppViewX PKI+, and AppViewX KUBE+ for automating PKI and certificate lifecycle management across complex hybrid multi-cloud environments.
Industry News
The Cloud Native Computing Foundation® (CNCF®) released the two-day schedule for CloudNativeSecurityCon North America 2024 happening in Seattle, Washington from June 26-27, 2024.
Sumo Logic announced new AI and security analytics capabilities that allow security and development teams to align around a single source of truth and collect and act on data insights more quickly.
Red Hat is announcing an optional additional 12-month EUS term for OpenShift 4.14 and subsequent even-numbered Red Hat OpenShift releases in the 4.x series.
HAProxy Technologies announced the launch of HAProxy Enterprise 2.9.
ArmorCode announced the general availability of AI Correlation in the ArmorCode ASPM Platform.
Octopus Deploy launched new features to help simplify Kubernetes CD at scale for enterprises.
Cequence announced multiple ML-powered advancements to its Unified API Protection (UAP) platform.
Oracle announced plans for Oracle Code Assist, an AI code companion, to help developers boost velocity and enhance code consistency.
New Relic launched Secure Developer Alliance.
Dynatrace is enhancing its platform with new Kubernetes Security Posture Management (KSPM) capabilities for observability-driven security, configuration, and compliance monitoring.
Red Hat announced advances in Red Hat OpenShift AI, an open hybrid artificial intelligence (AI) and machine learning (ML) platform built on Red Hat OpenShift that enables enterprises to create and deliver AI-enabled applications at scale across hybrid clouds.
ServiceNow is introducing new capabilities to help teams create apps and scale workflows faster on the Now Platform and to boost developer and admin productivity.
Red Hat and Oracle announced the general availability of Red Hat OpenShift on Oracle Cloud Infrastructure (OCI) Compute Virtual Machines (VMs).
The Software Engineering Institute at Carnegie Mellon University announced the release of a tool to give a comprehensive visualization of the complete DevSecOps pipeline.