I agree that an attacker that could get a beachhead inside a hardware/OS provider and sneak a vuln into source control that isn't caught via code review and other means could create a back door that would get signed.
No hardware or OS vendor in a major system would be irresponsible enough to use the processes used by companies like Adobe to protect Authenticode code signing keys.
If we say these OS and hardware vendors reduced their practices to what is used by Adobe for their Authenticode keys, which would be insane, it would still be worse because of the authentication and signing pipeline needed.
