[Owasp-leaders] Any OWASP Guidelines around Code Signing?
ajoy kumar
ajoysota at hotmail.com
Tue Nov 17 02:39:51 UTC 2015
You may find information that is more comprehensive at NIST FIPS
186-4 document http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf.
Regards,
Ajoy
ISC 2 Board Elections – Your support requested
https://www.linkedin.com/pulse/article/isc2-board-election-your-support-requested-ajoy-kumar/edit
Date: Mon, 16 Nov 2015 17:19:52 -0400
From: johanna.curiel at owasp.org
To: vaibhav.gupta at owasp.org
CC: owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] Any OWASP Guidelines around Code Signing?
Hi Vaibhav
I do not recall any project that touches this in detail
The only project that mentions digital signing of libraries and quite superficial is the code review guidelines , maybe here and there some documentation but I don't think in the level of deepness you are looking for
regards
Johanna
On Mon, Nov 16, 2015 at 1:32 PM, Vaibhav Gupta <vaibhav.gupta at owasp.org> wrote:
Hello OWASPians,
Is there any release/draft version of OWASP guidelines around code signing/digital signing of executables?
Something like: What should be the signing process? Which hash algorithm to use? What should be the min/max expiry? Should we use time-stamping? Any blacklist algorithms? etc. ?
If we do not have any guideline in place, any suggestion around this would be appreciated. ThanksVaibhav
twitter.com/VaibhavGupta_1
_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-leaders
_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20151117/3f7e2bde/attachment.html>
More information about the OWASP-Leaders
mailing list