[Owasp-leaders] Any OWASP Guidelines around Code Signing?

Vaibhav Gupta vaibhav.gupta at owasp.org
Mon Nov 16 17:32:58 UTC 2015

Hello OWASPians,

Is there any release/draft version of OWASP guidelines around code
signing/digital signing of executables?

Something like: What should be the signing process? Which hash algorithm to
use? What should be the min/max expiry? Should we use time-stamping? Any
blacklist algorithms? etc. ?

If we do not have any guideline in place, any suggestion around this would
be appreciated.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20151116/d3260968/attachment.html>

More information about the OWASP-Leaders mailing list