View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Software
April 27, 2009

Microsoft to help prime SignaCert’s whitelist database

Builds provenance repository of allow lists

By CBR Staff Writer

Security start-up SignaCert Inc has won a vote of confidence from Microsoft over the use and development of its whitelisting security methods.

The Portland, Oregon-based business announced that its neighbours up in Redmond had agreed to start sharing data for use in its whitelist security database, with the start-up announcing that it would be “working with Microsoft to exchange known-provenance whitelist methods, standards, and content.” 

Whitelist methods are supplementing the usual blacklist anti-virus approaches to ensure that only authentic and authorised software can to be loaded and executed on a PC. The process is usually developed around a repository of known-provenance and vendor-independent software measurements, which are known as whitelists or allow lists. 

One of the challenges of the technique is coming up with a definitive list of trusted software. 

SignaCert’s database, which is called the Global Trust Repository, works as a service that businesses can subscribe to gain access to its known-provenance whitelist measurements. 

Having Microsoft and other independent software vendors provide inputs to the database is seen as step that will improve the reliance of the whitelists.

The company describes its database as a collection of software measurements that it obtains through direct partnerships with software vendors covering a broad range of operating systems, device drivers, and applications. “This known-provenance approach is in stark contrast to competitive signature repositories, which rely on indiscriminate web-scraping technologies resulting in extremely unreliable and frequently misleading data.”

Content from our partners
Why food manufacturers must pursue greater visibility and agility
How to define an empowered chief data officer
Financial management can be onerous for CFOs, but new tech is helping lighten the load

Vendors of more traditional security tools maintain that neither blacklisting or whitelisting is sufficient, and that software is needed which assesses the reliability of an application that is based on its history and its reputation. 

Analysts argue that the debate isn’t an either/or alternative. All of these methods need to be absorbed as foundation methods of next-generation system security.

SignaCert also said it would now be acting as a trusted third-party to aggregate Microsoft and other ISV software measures as a part of Global Trust Repository. For Microsoft, the move adds deep software object reputation services to be delivered under the Microsoft Security Advisory Service (MSAS) branding.

SignaCert was set up more than four years ago by Tripwire founder Wyatt Starnes. The business has just closed a new round of financing, meaning it has raised a total of $17 million from investors such as Intel Capital and Portland-based SmartForest Ventures.




Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy Policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications.