Protect Yourself from the Recent dockerhub.com Attack

Last week's dockerhub.com attack affects hundreds of thousands of accounts and exposes their containers to malicious code. We at CodeNotary publish open source software too and wanted to make sure our containers were unaffected. Here’s how we did it: Verify Container Authenticity and Integrity. Create a free account on codenotary.io. Sign the local copy of your Docker…


Can GPG Secure the Software Industry?

Code signing is important for proving the integrity and authenticity of software, but can GPG secure the software industry? Digital certificates issued by certificate authorities are generally used to perform this task, but as we know and have mentioned in a few earlier blog posts, they have strong limitations, such as: they can be stolen; they are coarse-grained; identities can be faked with…


Jenkins Build Deployment Pipeline: A How To for Ensuring Integrity

In this blog, we will briefly touch on the importance of DevOps having strong security, the current hole in DevOps security (aka DevSecOps), and Jenkins automation’s role in the build process, and then give a technical walkthrough on how to integrate the vChain CodeNotary tool with your Jenkins build deployment pipeline to ensure its integrity. The Weak Link in DevOps Pipelines: DevOps has been widely adopted…


The Failure of the Certificate Revocation List (CRL)

SHAttered: Cracks in Certificate Revocation List Protocols and How to Move Beyond Their Limitations. Overview: When cybercriminals cloak themselves in trust by using stolen, legitimate credentials to infect entities, programs, and code, the world has more often than not turned to a certificate revocation list (CRL). The CRLs cross-reference known legitimate trusted…


vChain CodeNotary adds trust to software

Under the imperative of shorter time-to-market, companies are putting ever-increasing pressure on development teams to deliver faster. As a result, developers tend to reuse existing code and libraries as much as possible. While this practice increases overall efficiency, it also creates significant exposure to risk. Over the last twelve months, data hacks have severely impaired even the largest…


vChain, the global standard for enabling high-integrity, verifiable software distribution, opens its European research and development center in Vienna.

vChain offers a decentralized trust verification platform for software publishers, enabling businesses for the first time to authoritatively assert the provenance of the software they use for their mission-critical applications. Moshe Bar, CEO of vChain, visiting the Vienna office today, said “Our solution is changing forever the way vendors and businesses manage software. vChain has assembled a…


vChain, the world leader in secure and verifiable blockchain-based software delivery, opens its European research and development center in Vienna today.

vChain is developing a decentralized platform for software developers to verify the trustworthiness and integrity of software packages and components. For the first time, companies of any size can check, on a tamper-proof platform, the exact origin and structure of the software they use for their business-critical applications. Moshe Bar, CEO of vChain,…