Sigstore: Signature verification for protection against supply chain attacks
Software supply chain attacks have been increasing over the past few years, spurring the Biden administration to release an executive order detailing what government agencies are supposed to do to protect themselves against them.
These attacks cover several different types of threats, but the result is always the same: attackers gain access to run code on your infrastructure or tamper with the code that you're using in production.
The Sigstore project aims to help address these threats by building a new standard for signing, verifying and protecting software.
It helps make sure your software is what it claims to be.
In this video for Help Net Security, Dan Lorenc, CTO at Chainguard, talks about the Sigstore project and how it was used to secure the Kubernetes 1.24 release.
News URL
https://www.helpnetsecurity.com/2022/05/26/sigstore-project-kubernetes-video/