[Owasp-leaders] Any OWASP Guidelines around Code Signing?

johanna curiel curiel johanna.curiel at owasp.org
Mon Nov 16 21:19:52 UTC 2015


Hi Vaibhav

I do not recall any project that touches this in detail.

The only project that mentions digital signing of libraries, and quite
superficially, is the code review guidelines; maybe there is some
documentation here and there, but I don't think at the level of depth you
are looking for.

Regards

Johanna

On Mon, Nov 16, 2015 at 1:32 PM, Vaibhav Gupta <vaibhav.gupta at owasp.org>
wrote:

> Hello OWASPians,
>
> Is there any release/draft version of OWASP guidelines around code
> signing/digital signing of executables?
>
> Something like: What should be the signing process? Which hash algorithm
> to use? What should be the min/max expiry? Should we use time-stamping? Any
> blacklist algorithms? etc.?
>
> If we do not have any guideline in place, any suggestion around this would
> be appreciated.
>
> Thanks
> Vaibhav
>
> twitter.com/VaibhavGupta_1