Eddie Glenn is the senior threat intelligence manager at Venafi and is responsible for researching the risks and threats of code signing and endpoint infrastructure. Eddie has more than 30 years of experience in enterprise software at companies such as IBM, Rational, and Wind River where he held a variety of senior level positions in product management and product marketing. Eddie is co-author of the Definitive Guide to Next Generation Fraud and has written for various industry publications. He has a Bachelor of Science degree in computer and electrical engineering from the University of Virginia, and an MBA from the University of Oregon.
Code Signing: A Security Control That Isn’t Secured
Enterprises know code-signing is an important security control, for both self-defense and external reputation protection, but most overlook securing the infrastructure that supports the signing process, leaving them vulnerable to security and brand risks.
This session will discuss the four main poor practices often applied to code-signing infrastructure. This will be followed by a look at how these poor practices result in operational inefficiencies and security risks. The session will highlight the abuse and exploitation enabled by these poor practices and their ramifications, including the use of code-signing certificates to sign malicious code.
The session will conclude with a look at creating a secure enterprise code-signing infrastructure, including signing operations and models, inter-organizational communications, process and policies, and certificates issuance and management. Overall, the session will consider what is needed to create an infrastructure foundation for code-signing that will scale and adapt as networks continue to evolve and grow.
Come and see Eddie at RVAsec! Register now.