Keyfactor and Thales Address Code Signing Cyber-Attacks Targeting Businesses

Security leaders announce industry-first code signing product

a leading provider of secure digital identity management solutions,
today announced a new integration with Thales
that combines Keyfactor’s code signing platform with the high-assurance
key protection of Thales’ SafeNet
Cloud HSM On-Demand
. The result of this partnership, KeyfactorTM
Code Assure
, delivers secure code signing to software vendors,
mobile app developers, enterprise IT organizations, and manufacturers of
IoT devices.

“We’re seeing a rise in threats against code signing operations, like
the recent
ASUS hack
where attackers exploited code to plant and deploy malware
when businesses ran standard updates,” said Jordan Rackie, Chief
Executive Officer at Keyfactor. “These attacks erode the fabric of trust
that consumers and business users alike place in software publishers and
device manufacturers. This partnership and our highly integrated, hybrid
approach uphold digital trust, making end-to-end protection against
evolving code signing-based attacks simpler for innovative DevOps teams
and software providers.”

Code signing certificates are used to digitally sign applications,
drivers and software, allowing end users to verify the authenticity of
the publisher. Cyber-attackers can forge and compromise vulnerable
certificates and keys, often planting malware that detonates once a
firmware or software update is installed on a user’s system. Recent
pegs the cost of code signing certificate and key misuse at
$15 million and estimates a 29 percent likelihood that organizations
will experience code signing incidents over the next two years.

“Complete protection and control of code signing keys is challenging for
most businesses, especially as infrastructure and development teams are
widespread across the globe,” said Ted Shorter, Chief Technology Officer
and Co-founder at Keyfactor. “Faster release cycles and frequent code
changes in DevOps environments leave security teams fighting to keep
pace. Thales and Keyfactor designed Keyfactor Code Assure to empower
innovators, enabling them to secure code signing at the speed of DevOps.”

Keyfactor Code Assure stores all code signing certificates from
disparate network locations (i.e. developer workstations, build servers,
and thumb drives) in a centralized and secure HSM, Thales’ SafeNet Cloud
HSM On-Demand. Once inside, the certificates never leave the vault. Only
developers with the right access can request code signage, where it is
then signed and returned to the user. Access controls ensure that only
developers with the right privileges can sign software and firmware
during the time windows designated by the certificate owner.

“The Keyfactor platform has many applications for helping secure the
Internet of Things, manufacturing, connected automobiles as well as code
signing. The flexibility of these cloud solutions means customers can
move their enterprise services to the cloud and get all the benefits of
owning PKI while minimizing the risks,” said Todd Moore, Senior Vice
President of Encryption Products at Thales.

., a research and advisory firm, recommends companies “leverage
code repositories by enabling signing and time stamping code when it’s
checked in to build up a history over time that can inform specific
secure coding behaviors.”*

Keyfactor Code Assure has already been adopted by Fortune 500 leaders
that value security and trust as utmost priority. This integration
allows these organizations to:

  • Defend their business and users against the rising threat of code
    signing hacks
  • Get complete visibility and control of keys and certificates for
    security teams
  • Enable DevSecOps with simple and secure workflows for developers
  • Deploy with zero disruption to existing SDLC or build processes
  • Support secure code signing of virtually any code, anywhere –
    including Windows binaries, Java, IoT firmware, and more
  • Empower distributed development teams with a unique, patented
    technology to sign code from build servers and workstations – without
    the private keys ever leaving the auditable, protected confines of a
    Hardware Security Module (HSM)

For more information on Keyfactor Code Assure, please visit

*Gartner, Solution Comparison for PKI, April 26, 2019

Gartner Disclaimer

Gartner does not endorse any vendor, product or service depicted in
its research publications, and does not advise technology users to
select only those vendors with the highest ratings or other designation.
Gartner research publications consist of the opinions of Gartner’s
research organization and should not be construed as statements of fact.
Gartner disclaims all warranties, expressed or implied, with respect to
this research, including any warranties of merchantability or fitness
for a particular purpose.

About Keyfactor

Keyfactor is a leading provider of secure digital identity management
solutions that enable organizations to confirm authenticity and ensure
the right things are interacting in the right ways in our connected

From an enterprise managing millions of devices and applications that
affect people’s lives every day to a manufacturer aiming to ensure its
product will function safely throughout its lifecycle, Keyfactor
empowers global enterprises with the freedom to master every digital
identity. Its clients are the most innovative brands in industries where
trust and reliability matter most.


Keyfactor Media Contact
Sarah Hance
[email protected]

MRB Public Relations Media Contact
Michael Becce
[email protected]

error: Content is protected !!