pki
Safeguard articles tagged "pki" — guides, analysis, and best practices for software supply chain and application security.
6 articles
Public key infrastructure (PKI)
What is PKI? A precise breakdown of public key infrastructure, the PKI certificate chain, root and intermediate CAs, and how trust hierarchies can break.
What is a Trust Store
Trust stores decide which signatures your systems believe. Here's how they work, why they matter for supply chain security, and how to audit them.
What Is a Certificate Authority? The Root of Digital Trust
A certificate authority is the trusted third party that vouches for who owns a public key. It is the reason your browser can trust a website it has never seen before.
Code Signing Infrastructure Breach Response
A compromised signing key is the quietest crisis in security. A concrete playbook for responding when your code signing infrastructure is implicated.
Code Signing Certificates and Software Supply Chain Integrity
Code signing is a critical trust anchor in the software supply chain. This guide covers how it works, how it fails, and how to implement it correctly.
Certificate Authority Compromise and Supply Chain Risks
A compromised certificate authority can undermine TLS trust for your entire software supply chain. Understanding CA risks is essential for defending package integrity and secure distribution.