Establishing Provenance Before Coding: Traditional and Next-Gen Signing

Authors :
Schorlemmer, Taylor R.
Burmane, Ethan H.
Kalu, Kelechi G.
Torres-Arias, Santiago
Davis, James C.
Publication Year :
2024

Abstract

Software engineers integrate third-party components into their applications. The resulting software supply chain is vulnerable. To reduce the attack surface, we can verify the origin of components (provenance) before adding them. Cryptographic signatures enable this. This article describes traditional signing, its challenges, and changes introduced by next-generation signing platforms.

Details

Database :
arXiv
Publication Type :
Report
Accession number :
edsarx.2407.03949
Document Type :
Working Paper