This article originally appeared on Software Development Times. Click the link below for the full version.
As a developer, you specialize in code – not security. However, as DevOps continues to blend roles and responsibilities, the typical software developer has become responsible for more and more operational aspects like security. A core component of application and IoT security is code signing.
Let’s start with a basic definition. Code signing is a cryptographic method used to digitally sign software and firmware to ensure that end users can verify that the code is authentic and hasn’t been tampered with since it was published. Developers digitally sign apps, software, and IoT-embedded firmware with a private key linked to a code signing certificate.