Rant: Sign Your God &#$%^ Software

Not that I normally like to rant, but security is really important, and people are bad at security. One of the ways we secure things is trusted certificates—as a software developer who has a company something you need to do is buy a certificate to “sign” your software. Your certificate is issued by a 3rd party who performs some level of verification which indicates that you are a “real” software developer. It is a key part of the trust relationship when installing software. In fact unsigned software is used an indication by experts to identify malware.

Image result for cerfiticate

So who is the victim of my rant this week? Power Tap, the company that makes the power meter on my bicycle. They also make software that lets me download my cycling data. This software has two problems:

  1. It requires Java. Boo, hiss.
  2. It is unsigned. More booing, and hissing.

So, sign your software, so people don’t think it’s a virus. On my Mac I have to go into security settings and do bad things to even install this software. And then I have to do even worse things, like installing Java, in order to use it.

Share

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Trust DCAC with your data

Your data systems may be treading water today, but are they prepared for the next phase of your business growth?