Apple, Android emphasize the importance of code signing certificates
Identity verification has become an important part of protecting consumers, but it is just as important for software developers to build trust with those using their programs. Both Apple and Android, for example, have infrastructure in place to enforce the use of code signing certificates for applications distributed through their respective app stores.
TechTarget's Crystal Bedell analyzed the code signing policies of each vendor. Fortunately for mobile app developers, Apple and Android make it easy to digitally sign code after entering a company's developer program. Because the process is streamlined, programmers don't have to concern themselves with the finer points of code signing. In addition, Apple also signs software that is distributed through its store, making it difficult for non-verified software to run on iOS devices.
For other developers, the process is a little bit more complicated. As Bedell noted, there are free tools available to generate digital code signing hashes. However, these have little or no identity authentication procedures. As a result, Bedell highlighted the value of using code signing certificates from a reliable certificate authority. Signing software this way improves the security of the program and builds trust with consumers, but it can also be beneficial to developers themselves.
"A lot of developers use third-party code and open source libraries," said August Detlefsen, a security consultant for AppSec Consulting, according to the news source. "If you're building significant apps that require security, you should also check the authenticity of the code you're using. Code signing provides one way of knowing that the code you're downloading is verified to be the original and hasn't been tainted in some way. Before you run it, verify the signature."
Open source gains momentum
It is no secret that using the open source philosophy has achieved notable success. Whether it's the popularity of programs like OpenOffice or the growing momentum of Facebook's Open Compute Project, the paradigm has gained traction at both the hardware and software level. VentureBeat columnist Jolie O'Dell recently observed that some of the major hardware manufacturers are also shifting their focus to open source. For example, AMD, Intel and Rackspace have all announced new hardware offerings based on OCP designs.
"The Open Compute Project is the internet and hardware industries' attempt to make computing vastly more efficient by pooling knowledge and resources," O'Dell wrote. "Close competitors are actually working collaboratively to come up with a better motherboard, a better power supply."
As both software and hardware are developed in an increasingly collaborative ecosystem, maintaining trust among developers is likely to become critical to the success of projects. Software developers can start building that trust by obtaining a Thawte code signing certificate to secure their programs.