SignPath GmbH

🚀 Starting the New Year off right, with a €5M Series A investment!    We are excited to announce that TIN Capital has joined us in our mission to enhance #SoftwareSupplyChainSecurity and ensure the integrity of software throughout the entire development process.    This investment represents a significant milestone for SignPath. Since our launch, we’ve gained traction across companies in a wide range of industries on several continents. Now, with the assistance of TIN Capital, we’re ready to embark on our next phase of growth.    The timing couldn’t be better. Organizations are more aware than ever that software breaches can have catastrophic consequences – far beyond the boundaries of any single company. Built on a foundation of advanced code signing, the SignPath code integrity platform secures existing software delivery pipelines from end-to-end and enables organizations to deliver software that’s authenticated, tamper-proof and compliant with industry standards.    In the words of TIN Capital themselves: “A single-minded focus on code vulnerabilities is no longer adequate to defend against professional cybercriminals or state actors. We see SignPath as an essential piece of the puzzle to ensure secure and resilient software supply chains.”    TIN Capital’s support will provide the fuel we need to expand the team and scale operations to keep up with demand. Their dedicated cybersecurity expertise and network will enable us to capitalize on the huge potential for growth over the coming two years, while contributing to a more resilient digital future for everyone.     You can read the full release here: https://lnkd.in/e9i4N_Ry    🙏 We’re grateful to all the developers, customers and partners who’ve helped us to reach this milestone.    🎉 Huge thanks to Reinout vander Meulen, Roel Reijnen, Bart Houlleberghs and the team at TIN Capital | European Cybersecurity Investors!!  #CyberSecurity #CodeSigning #PipelineIntegrity #SupplyChainSecurity

🚀 Exciting News: €5M Investment in SignPath kicks off 2025! (link to press release: https://lnkd.in/e9i4N_Ry) We are thrilled to announce a €5M investment in SignPath GmbH; pioneers in secure, automated code-signing solutions. This Series A funding will power SignPath’s mission to enhance #SoftwareSupplyChainSecurity and scale operations across Europe and the USA. With their innovative platform that seamlessly integrates into CI/CD pipelines, SignPath ensures #CodeIntegrity, #Compliance, and protection against tampering and backdoors – helping organizations deliver trustworthy, tamper-proof software. This marks the second investment from TIN Capital’s European Cyber Tech Fund, reaffirming our commitment to supporting Europe’s most promising cybersecurity companies 💪. Together, we are building a more secure, resilient digital future. 🚀🔒✨ 🎉 Big congrats to Stefan Wenig, Stephan Brack and the entire team at SignPath! #CyberSecurity #CodeSigning #PipelineIntegrity #SupplyChainSecurity #CyberSecurityMadeInEurope

🚀 🚀 Today we’re re-launching SignPath Foundation web site @ signpath.org! 🚀 🚀 We created the SignPath Foundation as part of our mission to make code signing ubiquitous, especially for free open source projects (FOSS). FOSS projects have the most to gain from code signing. But getting a code signing certificate is a burden for most FOSS projects, with many limitations: - The certificate is issued to the person, not the project. - Users have no means of verifying that the software they install was built from the OSS repository. - The private key is delivered on a USB token, and therefore impossible to plug into cloud-based build processes. - $$$$ for every certificate issuance or re-issuance. The Foundation provides teams with a free code signing certificate. There's no need for personal identification -- we verify that the binary was built from the open source repository and vouch for that with our name. Just ask the team behind the FOSS project DB Browser for SQLite (DB4S). With well over 10M downloads, the team knows the benefits of delivering trusted code, and enabling projects verify and attest build security and integrity. Working with the SignPath Foundation, the DB4S team leveraged their free code signing certificate with SignPath's GitHub action to bake code signing into their CI/CD pipeline. Here's a perspective from SeongTae Jeong, a developer and the main packager for DB4S: "For us, code signing was not just an option, but a necessity to validate software binaries, prevent tampering, and for the convenience of our users. We are now able to distribute code-signed Windows binaries to our users thanks to SignPath’s well-written documentation, quick response to issues, and friendly support." You can read more about their experience here: https://lnkd.in/eJgsY3GQ SignPath Foundation is totally free – your private key 🔑 is even generated and stored on our cloud Hardware Security Module (HSM). 🔓🔓 If you’re working on an open source project, join the 70+ open source projects that rely on the SignPath Foundation to deliver trusted code. https://signpath.org/ #OpenSource #CodeIntegrity #FOSS

🚀 🚀 Today we’re re-launching SignPath Foundation web site @ signpath.org! 🚀 🚀 We created the SignPath Foundation as part of our mission to make code signing ubiquitous, especially for free open source projects (FOSS). FOSS projects have the most to gain from code signing. But getting a code signing certificate is a burden for most FOSS projects, with many limitations: - The certificate is issued to the person, not the project. - Users have no means of verifying that the software they install was built from the OSS repository. - The private key is delivered on a USB token, and therefore impossible to plug into cloud-based build processes. - $$$$ for every certificate issuance or re-issuance. The Foundation provides teams with a free code signing certificate. There's no need for personal identification -- we verify that the binary was built from the open source repository and vouch for that with our name. Just ask the team behind the FOSS project DB Browser for SQLite (DB4S). With well over 10M downloads, the team knows the benefits of delivering trusted code, and enabling projects verify and attest build security and integrity. Working with the SignPath Foundation, the DB4S team leveraged their free code signing certificate with SignPath's GitHub action to bake code signing into their CI/CD pipeline. Here's a perspective from SeongTae Jeong, a developer and the main packager for DB4S: "For us, code signing was not just an option, but a necessity to validate software binaries, prevent tampering, and for the convenience of our users. We are now able to distribute code-signed Windows binaries to our users thanks to SignPath’s well-written documentation, quick response to issues, and friendly support." You can read more about their experience here: https://lnkd.in/eJgsY3GQ SignPath Foundation is totally free – your private key 🔑 is even generated and stored on our cloud Hardware Security Module (HSM). 🔓🔓 If you’re working on an open source project, join the 70+ open source projects that rely on the SignPath Foundation to deliver trusted code. https://signpath.org/ #OpenSource #CodeIntegrity #FOSS

How do you secure the software supply chain with an integrated and automated control plane? Find out in this webinar! Our agenda covers: - Why code signing? - Why code signing itself is not enough? - A common offering from NTT and SignPath - Real-world use cases with existing customers https://lnkd.in/e-hf2iAw #codeintegrity #codesigning

It-sa wrap! Last week, the SignPath team spent three action-packed days at it-sa, Europe’s leading trade fair for IT security.  A huge shout out to our partners NTT Data for letting us share their booth! Overall, it-sa provided a great venue to connect with the community of partners that enables SignPath to offer comprehensive, end-to-end code integrity.  Also, as you can see, the event gave us a chance to sport new Signpath polos and hand out our new swag: pens with a built-in in light, so you can see what you sign. 🖋 (Get it?) Let’s continue the conversation! Join us and NTT Data for our webinar: Maximizing security with end-to-end code integrity. Link in the comments 👇 #it-sa #codeintegrity #codesigning

The SignPath team is excited to return to IT-SA Expo & Congress, Europe's leading trade fair for IT security. With our unique solution for securing the software supply chain, we'll be joining our partner NTT Data in Nuremberg! Feel free to visit us from October 22nd to 24th in Hall 9, Booth 427! Free tickets are available here: https://lnkd.in/d6a5XKT4 We will present the latest developments in end-to-end security for your software development environment, including Advanced Code Signing. We are also excited to share details on Pipeline Integrity and our Code Signing Gateway! Stop by the booth. We're looking forward to connecting!

SignPath zeigt die neuesten Technologien und Trends zur Absicherung von SW Entwicklungsumgebungen gegen Angriffe und Manipulationen auf der Heise Dev Sec in Köln vom 24. bis 26. September! Folgt uns für mehr!! https://lnkd.in/ehdkDQR5

SignPath zeigt die neuesten Technologien und Trends zur Absicherung von SW Entwicklungsumgebungen gegen Angriffe und Manipulationen auf der Heise Dev Sec in Köln vom 24. bis 26. September! Folgt uns für mehr!! https://lnkd.in/ehdkDQR5

Saying the quiet part out loud : Trust 🤜 🤛 . . . but verify! 🔍🔍🔍 🔦 No, we’re not talking about Cold War nukes anymore. The adage rings true wherever implicit expectations need to be explicitly declared and enforced. That’s called “zero-trust.” Nowhere is this more true today than in the software supply chain. 🚨 Gartner predicts that by 2025, 45% of organizations will experience attacks on their software supply chains 🔗🔗 —a threefold increase from 2021. 📈 Teams can no longer trust software components without verifying them.  SignPath’s mission is to  seamlessly integrate code signing into CI/CD pipelines. We are proud to lead the way in delivering critical, policy-driven security and trust into the DevSecOps framework. 🔗🔓🔗🔓 Read more about how SignPath provides zero-trust CI/CD pipelines in our blog post: “From Implicit to Explicit: Why Code Signing is the Missing Link in DevSecOps” Link in the comments 👇 👇👇 #DevSecOps #AppSecurity #CodeIntegrity