"Boosting Faith in the Authenticity of Open Source Software"

A team of researchers developed a new system called Speranza to reassure software consumers that the product they are receiving has not been tampered with and is coming directly from a trusted source. Speranza expands on Sigstore, a system introduced last year to improve software supply chain security. According to the researchers, Speranza ensures that software comes from the correct source without needing developers to reveal personal information such as email addresses. This article continues to discuss the purpose and goals of the Speranza system.

MIT CSAIL reports "Boosting Faith in the Authenticity of Open Source Software"

Submitted by grigby1