The SmartScreen stuff is another attempt at this - software that's not frequently seen is flagged as a potential problem. What's the equivalent to the "URL bar" for software? What's the equivalent to the ACME domain validation challenge? This is akin to LetsEncrypt for certs - can have a valid cert but it doesn't mean it's legitimate. Giving out free code-signing certificates also makes it easier for malware to get legitimate certificates. What can Microsoft do, as an alternative, that doesn't result in an identical or worse situation? Let's move this to a productive conversation though. Establishing trust is very hard problem, though. I get the sentiment here, it's very annoying for developers (including me).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |