thawte White Paper Discusses the Importance of Code Signing Certificates

For software developers, it is critical that products made available on the Internet are secure, and that customers know that their software comes from the publisher they expect it to, without alteration or corruption. A Code Signing Certificate is vital in giving developers and customers that peace of mind.

A new white paper, “Certify your Software Integrity with thawte Code Signing Certificates,” from thawte, a global certificate authority, discussing the importance of obtaining a code signing certificate. The paper also examines how the certificate works, how it may be used, and the role thawte plays in securing customers' code.

Code signing enables developers to sign their applications digitally. Based on the strength of that signature, a browser or operating system then decides whether or not the software is trustworthy. Customers who download software signed with thawte's Code Signing Certificate may be assured of the content source as well as the integrity of the content. This also provides users with recourse to the publisher, should the software platform be malicious or introduce unacceptable activity to their computers. Both the accountability, as well as the possibility of recourse, serve as a deterrent to the distribution of harmful or malicious code.

thawte Code Signing Certificates offer assurance about the identity of the publishing organization, and are designed to represent the same high level of assurance provided by retail channels for software. The company's certificates are used to sign Java applets for the Java 2 plugin, Navigator/JVM 1.1.x and Microsoft (News - Alert) Authenticode. They may also be used for signing .cab, .exe and .dll files, as well as for signing Office 2000 Macro and Internet Explorer Object files.

The company offers a number of different Code Signing Certificates, as well as an option that may be used across the board. It is important to note that thawte does not certify an organization's code. Instead, after certifying the identity of the publishing organization, the developer is issued a certificate. Thawte does not certify the quality or intent of code, only the identity.

The white paper offers instructions showing how customers can identify a publishing organization's digital signature. The company also suggests time stamping of code, which can alert users that the code was signed while the publisher's certificate was still valid. Once code is signed, it is possible to have a signature time stamped by an independent party like VeriSign (News - Alert).

Additional features of the paper include how to use the Multiple Code Signing Certificate most effectively, as well as a list of useful URLs, the value of authentication in general and information on contacting thawte. The white paper is available as a free download on TMCnet.

Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO West 2011, taking place Sept. 13-15, 2011, in Austin, Texas. ITEXPO (News - Alert) offers an educational program to help corporate decision makers select the right IP-based voice, video, fax and unified communications solutions to improve their operations. It's also where service providers learn how to profitably roll out the services their subscribers are clamoring for – and where resellers can learn about new growth opportunities. To register, click here.

Stay in touch with everything happening at ITEXPO… follow us on Twitter