[Owasp-leaders] Any OWASP Guidelines around Code Signing?

ajoy kumar ajoysota at hotmail.com
Tue Nov 17 02:39:51 UTC 2015



You may find information that is more comprehensive at NIST FIPS
186-4 document http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf.



Regards,


Ajoy


 

ISC 2 Board Elections – Your support requested

 https://www.linkedin.com/pulse/article/isc2-board-election-your-support-requested-ajoy-kumar/edit



 


 
Date: Mon, 16 Nov 2015 17:19:52 -0400
From: johanna.curiel at owasp.org
To: vaibhav.gupta at owasp.org
CC: owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] Any OWASP Guidelines around Code Signing?

Hi Vaibhav
I do not recall any project that touches this in detail
The only project that mentions digital signing of libraries and quite superficial is the code review guidelines , maybe here and there some documentation but I don't think in the level of deepness you are looking for
regards
Johanna
On Mon, Nov 16, 2015 at 1:32 PM, Vaibhav Gupta <vaibhav.gupta at owasp.org> wrote:
Hello OWASPians,
Is there any release/draft version of OWASP guidelines around code signing/digital signing of executables? 
Something like: What should be the signing process? Which hash algorithm to use? What should be the min/max expiry? Should we use time-stamping? Any blacklist algorithms? etc. ?
If we do not have any guideline in place, any suggestion around this would be appreciated. ThanksVaibhav
twitter.com/VaibhavGupta_1





_______________________________________________

OWASP-Leaders mailing list

OWASP-Leaders at lists.owasp.org

https://lists.owasp.org/mailman/listinfo/owasp-leaders





_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-leaders 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20151117/3f7e2bde/attachment.html>


More information about the OWASP-Leaders mailing list