{"id":1459,"date":"2023-02-09T11:41:02","date_gmt":"2023-02-09T11:41:02","guid":{"rendered":"https:\/\/signmycode.com\/blog\/?p=1459"},"modified":"2024-09-18T11:18:41","modified_gmt":"2024-09-18T11:18:41","slug":"code-signing-security-publishers-getting-more-aware-after-githubs-certificate-breach","status":"publish","type":"post","link":"https:\/\/signmycode.com\/blog\/code-signing-security-publishers-getting-more-aware-after-githubs-certificate-breach","title":{"rendered":"Code Signing Security: Publishers Getting More Aware After GitHub\u2019s Certificate Breach"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">In this highly technology-driven world, no company is entirely safe from cyber-attacks. Even one of the IT giants \u2013 GitHub- faced exploitation, leading to stealing their Code Signing Certificates. There was only minimal impact on the organization and its software products.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">But, from the incident, almost every small, medium, and large-scale company has been aware of securing their software publisher certificates.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">To understand the Code Signing Certificate security, let\u2019s start by looking at the GitHub incident.<\/p>\n\n\n\n<div class=\"wp-block-columns has-green-background-color has-background is-layout-flex wp-container-core-columns-is-layout-2367b857 wp-block-columns-is-layout-flex\" style=\"padding-top:35px;padding-bottom:30px\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<p class=\"has-text-align-center has-large-font-size wp-block-paragraph\"><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-gray-color\"><strong>Be Safe with Extended Validation Code Signing<\/strong><\/mark><\/p>\n\n\n\n<p class=\"has-text-align-center wp-block-paragraph\"><b>Sign your software, application, drivers, and more with an EV(Extended Validation) Code Signing Certificate and get the highest security and trust!<\/b><\/p>\n\n\n\n<div class=\"wp-block-buttons alignwide is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button aligncenter\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/signmycode.com\/comodo-ev-code-signing\">Comodo EV Code Signing Certificate @ $279.99\/yr<\/a><\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-the-github-code-signing-certificate-breach-incident\">The GitHub Code Signing Certificate Breach Incident<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">On December 6<sup>th<\/sup> of the recent year (2022), GitHub faced a cyber-attack, which made attackers successful in stealing the Code Signing Certificates. As per the statement by GitHub officials, malicious actors utilize the Personal Access Token of an internal machine to intercept the network and execute their illegitimate operations.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"679\" height=\"217\" src=\"https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2023\/04\/image.png\" alt=\"Github Code Signing Certificate Breach 2022\" class=\"wp-image-1770\" srcset=\"https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2023\/04\/image.png 679w, https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2023\/04\/image-300x96.png 300w\" sizes=\"auto, (max-width: 679px) 100vw, 679px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Further, GitHub was not far behind to spot the attack, as its security team detected the breach on the very next day (December 7<sup>th<\/sup>, 2022). <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">And instantly they get started with the investigation to discover impacted systems, network routes, customers, and their data. With this breach, everyone gets to know that GitHub also utilizes its repositories to store the source code of its software products.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">As a result of the investigation, the GitHub security team finds that attacker stole the Code Signing Certificates used to sign the Atom application for Mac and Windows desktops. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Moreover, they also revealed the Certificate details, which include:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Two DigiCert Code Signing Certificates<\/strong>. One expires on January 4, 2023, and the other on February 1, 2023.<\/li>\n\n\n\n<li><strong>One Apple Developer ID Certificate<\/strong>, valid up to 2027.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">A total of three Code Signing Certificates were with attackers, but during the investigation, there was no news defining their utilization of them. But, to mitigate the post-breach impact, GitHub has taken all precautionary measures.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-steps-taken-by-github-to-minimize-impact\">Steps Taken By GitHub To Minimize Impact<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Once GitHub was assured about the impacted Code Signing Certificate, customers, and applications, it instantly contacted the Certificate Authority. It led them to submit the certificate revocation request to disable attackers from signing any executable file on their behalf.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Moreover, <a href=\"https:\/\/github.blog\/2023-01-30-action-needed-for-github-desktop-and-atom-users\/\">GitHub notified<\/a> all the users of the Atom application to downgrade to the previous version and not install any updates until further notice. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Also, the company representatives have provided February 2, 2023, as the official date, when breached certificates will get revoked. As a result, newer app versions signed using those certificates will not function and the hacker will get disabled from signing.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"has-normal-font-size wp-block-paragraph\">In addition, GitHub has also removed the latest Atom desktop app rollout to secure customers from downloading them. And also recommended everyone scan their systems for any malware.<\/p>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\">Until the day of certificate revocation, their security team is constantly strengthening the GitHub ecosystem and patching loopholes. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Further, below app versions are at risk and you should also avoid installing and using them:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>GitHub Desktop Application Version 3.0.2 to 3.1.2<\/li>\n\n\n\n<li>Atom Application Version 1.63.0 and 1.63.1<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">For security reasons, GitHub is no longer hosting these versions and they will get relaunched with the new Code Signing Certificates.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-you-can-do-to-prevent-code-signing-certificate-from-breach\">What You Can Do To Prevent Code Signing Certificate From Breach?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">After the GitHub Code Signing Certificate Incident, all organizations get aware of securing digital certificates. You must also protect your certificates, and to do it efficiently, the approaches below can help.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-enable-password-protection\">Enable Password Protection<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Always enable the password on the certificate file and share it only among authorized users to prevent its misuse. In addition, don\u2019t provide system access to everyone on which the certificate is present. You must utilize a strong password of a minimum of 15 characters consisting of alphabets, numerical, and special characters.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-log-and-audit\">Log and Audit<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"box-sizing: border-box; margin: 0px; padding: 0px;\">Log the date, person&#8217;s name, designation, time, and system details whenever you utilize, import, or export a\u00a0<a href=\"https:\/\/signmycode.com\/code-signing-certificates\" target=\"_blank\" rel=\"noopener\">Code Signing Certificate<\/a><\/span>. It will help you discover who is accessing the certificate, which system, and at what time. As a result, if you discover any suspicious activity, it will be easier to find and assess its root cause.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-utilize-ev-code-signing-certificate\">Utilize EV Code Signing Certificate<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">For an additional security layer, you must prefer <a href=\"https:\/\/signmycode.com\/ev-code-signing\">Purchasing EV Code Signing Certificate<\/a>. CA provides its private key in an external hardware security module, which is compulsory to plug into the system for executing the signing procedure. In case your certificate gets breached, it will not work until the attacker doesn&#8217;t have a hardware token.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-prefer-different-testing-and-production-certificates\">Prefer Different Testing and Production Certificates<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">You must prefer utilizing two Code Signing Certificates in the complete software development lifecycle. One must be used during the testing phase and the other during final production. It will help you prevent hackers from exploiting pre-build software in online repositories.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-limit-signing-with-a-single-code-signing-certificate\">Limit Signing With a Single Code Signing Certificate<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">You must not sign all applications and executable files with a single software, as if someone steals it you have to disable the functioning of all software signed with it. You can learn from GitHub that a breach would disrupt their functioning if they were using the same certificate for all of their applications.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">But, the stolen certificates were in use for limited applications, which minimized the impact and helped GitHub continue business operations.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-concluding-up\">Concluding Up<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The GitHub incident taught other software developers and publishers how to secure their Code Signing Certificates. Many people are discussing whether the attacker was able to sign the application with stolen certificates or not.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">However, the main concern must be implementing appropriate approaches to prevent unauthorized access to your digital certificates.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If GitHub can be on target, it&#8217;s a matter of concern. Therefore, you must password-protect the certificate, prefer the EV Code Signing Certificate, and limit its usage.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this highly technology-driven world, no company is entirely safe from cyber-attacks. Even one of the IT giants \u2013 GitHub- faced exploitation, leading to stealing their Code Signing Certificates. There was only minimal impact on the organization and its software products. But, from the incident, almost every small, medium, and large-scale company has been aware&hellip; <a class=\"more-link\" href=\"https:\/\/signmycode.com\/blog\/code-signing-security-publishers-getting-more-aware-after-githubs-certificate-breach\">Read More <span class=\"screen-reader-text\">Code Signing Security: Publishers Getting More Aware After GitHub\u2019s Certificate Breach<\/span><\/a> <\/p>\n","protected":false},"author":1,"featured_media":1461,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[148,147,149,150],"class_list":["post-1459","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-code-signing-updates","tag-github-actions-code-signing","tag-github-code-signing-breach","tag-github-cyber-attacks","tag-stolen-code-signing-certificate","entry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v24.6 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Code Signing Security Awareness After GitHub\u2019s Certificate Breach<\/title>\n<meta name=\"description\" content=\"A brief overview of the stealing of GitHub Code Signing Certificates, leading to learning about the fundamental approaches to prevent such incidents in the future.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/signmycode.com\/blog\/code-signing-security-publishers-getting-more-aware-after-githubs-certificate-breach\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Code Signing Security: Publishers Getting More Aware After GitHub\u2019s Certificate Breach\" \/>\n<meta property=\"og:description\" content=\"A brief overview of the stealing of GitHub Code Signing Certificates, leading to learning about the fundamental approaches to prevent such incidents in the future.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/signmycode.com\/blog\/code-signing-security-publishers-getting-more-aware-after-githubs-certificate-breach\" \/>\n<meta property=\"og:site_name\" content=\"SignMyCode - Blog\" \/>\n<meta property=\"article:published_time\" content=\"2023-02-09T11:41:02+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-09-18T11:18:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2023\/02\/code-signing-security-after-github-attack-jpg.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"912\" \/>\n\t<meta property=\"og:image:height\" content=\"453\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Janki Mehta\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2023\/02\/code-signing-security-after-github-attack-jpg.webp\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Janki Mehta\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/code-signing-security-publishers-getting-more-aware-after-githubs-certificate-breach\",\"url\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/code-signing-security-publishers-getting-more-aware-after-githubs-certificate-breach\",\"name\":\"Code Signing Security Awareness After GitHub\u2019s Certificate Breach\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/code-signing-security-publishers-getting-more-aware-after-githubs-certificate-breach#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/code-signing-security-publishers-getting-more-aware-after-githubs-certificate-breach#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/code-signing-security-publishers-getting-more-aware-after-githubs-certificate-breach-2-jpg.webp\",\"datePublished\":\"2023-02-09T11:41:02+00:00\",\"dateModified\":\"2024-09-18T11:18:41+00:00\",\"description\":\"A brief overview of the stealing of GitHub Code Signing Certificates, leading to learning about the fundamental approaches to prevent such incidents in the future.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/code-signing-security-publishers-getting-more-aware-after-githubs-certificate-breach#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/signmycode.com\\\/blog\\\/code-signing-security-publishers-getting-more-aware-after-githubs-certificate-breach\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/code-signing-security-publishers-getting-more-aware-after-githubs-certificate-breach#primaryimage\",\"url\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/code-signing-security-publishers-getting-more-aware-after-githubs-certificate-breach-2-jpg.webp\",\"contentUrl\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/code-signing-security-publishers-getting-more-aware-after-githubs-certificate-breach-2-jpg.webp\",\"width\":912,\"height\":453,\"caption\":\"Code Signing Security Publisher\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/code-signing-security-publishers-getting-more-aware-after-githubs-certificate-breach#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Code Signing Security: Publishers Getting More Aware After GitHub\u2019s Certificate Breach\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/\",\"name\":\"SignMyCode - Blog\",\"description\":\"Code Signing News, Updates\",\"publisher\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/#organization\",\"name\":\"SignMyCode.com\",\"url\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/logo1.png\",\"contentUrl\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/logo1.png\",\"width\":135,\"height\":86,\"caption\":\"SignMyCode.com\"},\"image\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Code Signing Security Awareness After GitHub\u2019s Certificate Breach","description":"A brief overview of the stealing of GitHub Code Signing Certificates, leading to learning about the fundamental approaches to prevent such incidents in the future.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/signmycode.com\/blog\/code-signing-security-publishers-getting-more-aware-after-githubs-certificate-breach","og_locale":"en_US","og_type":"article","og_title":"Code Signing Security: Publishers Getting More Aware After GitHub\u2019s Certificate Breach","og_description":"A brief overview of the stealing of GitHub Code Signing Certificates, leading to learning about the fundamental approaches to prevent such incidents in the future.","og_url":"https:\/\/signmycode.com\/blog\/code-signing-security-publishers-getting-more-aware-after-githubs-certificate-breach","og_site_name":"SignMyCode - Blog","article_published_time":"2023-02-09T11:41:02+00:00","article_modified_time":"2024-09-18T11:18:41+00:00","og_image":[{"width":912,"height":453,"url":"https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2023\/02\/code-signing-security-after-github-attack-jpg.webp","type":"image\/jpeg"}],"author":"Janki Mehta","twitter_card":"summary_large_image","twitter_image":"https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2023\/02\/code-signing-security-after-github-attack-jpg.webp","twitter_misc":{"Written by":"Janki Mehta","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/signmycode.com\/blog\/code-signing-security-publishers-getting-more-aware-after-githubs-certificate-breach","url":"https:\/\/signmycode.com\/blog\/code-signing-security-publishers-getting-more-aware-after-githubs-certificate-breach","name":"Code Signing Security Awareness After GitHub\u2019s Certificate Breach","isPartOf":{"@id":"https:\/\/signmycode.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/signmycode.com\/blog\/code-signing-security-publishers-getting-more-aware-after-githubs-certificate-breach#primaryimage"},"image":{"@id":"https:\/\/signmycode.com\/blog\/code-signing-security-publishers-getting-more-aware-after-githubs-certificate-breach#primaryimage"},"thumbnailUrl":"https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2023\/02\/code-signing-security-publishers-getting-more-aware-after-githubs-certificate-breach-2-jpg.webp","datePublished":"2023-02-09T11:41:02+00:00","dateModified":"2024-09-18T11:18:41+00:00","description":"A brief overview of the stealing of GitHub Code Signing Certificates, leading to learning about the fundamental approaches to prevent such incidents in the future.","breadcrumb":{"@id":"https:\/\/signmycode.com\/blog\/code-signing-security-publishers-getting-more-aware-after-githubs-certificate-breach#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/signmycode.com\/blog\/code-signing-security-publishers-getting-more-aware-after-githubs-certificate-breach"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/signmycode.com\/blog\/code-signing-security-publishers-getting-more-aware-after-githubs-certificate-breach#primaryimage","url":"https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2023\/02\/code-signing-security-publishers-getting-more-aware-after-githubs-certificate-breach-2-jpg.webp","contentUrl":"https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2023\/02\/code-signing-security-publishers-getting-more-aware-after-githubs-certificate-breach-2-jpg.webp","width":912,"height":453,"caption":"Code Signing Security Publisher"},{"@type":"BreadcrumbList","@id":"https:\/\/signmycode.com\/blog\/code-signing-security-publishers-getting-more-aware-after-githubs-certificate-breach#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/signmycode.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Code Signing Security: Publishers Getting More Aware After GitHub\u2019s Certificate Breach"}]},{"@type":"WebSite","@id":"https:\/\/signmycode.com\/blog\/#website","url":"https:\/\/signmycode.com\/blog\/","name":"SignMyCode - Blog","description":"Code Signing News, Updates","publisher":{"@id":"https:\/\/signmycode.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/signmycode.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/signmycode.com\/blog\/#organization","name":"SignMyCode.com","url":"https:\/\/signmycode.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/signmycode.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2021\/10\/logo1.png","contentUrl":"https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2021\/10\/logo1.png","width":135,"height":86,"caption":"SignMyCode.com"},"image":{"@id":"https:\/\/signmycode.com\/blog\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/posts\/1459","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/comments?post=1459"}],"version-history":[{"count":12,"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/posts\/1459\/revisions"}],"predecessor-version":[{"id":4799,"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/posts\/1459\/revisions\/4799"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/media\/1461"}],"wp:attachment":[{"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/media?parent=1459"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/categories?post=1459"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/tags?post=1459"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}