The Certificate Authority Security Council (CASC) is now engaged in an education campaign to expand awareness of code signing. The CASC is an industry group that was launched in February 2013 and that includes the world’s leading Certificate Authorities (CAs).
A CA is an organization that issues and manages the security certificates used for Secure Sockets Layer (SSL) encryption as well as for application code signing. The CASC also works hand in hand with the CA/Browser (CAB) Forum, a group that includes both CAs and web browser vendors.
The basic idea behind code signing is that a software developer can sign an application with a valid certificate from a CA. The role of the CA is to verify that the certificate has been granted to an authentic application. If the application is later compromised and is deemed to be malicious, the CA should be able to revoke the certificate. If the system works as it is supposed to, the malicious application should no longer work once the CA has revoked the certificate.
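The sign, verify and revoke cycle described above, as an added example that is not from the article or the CASC: it uses the openssl command line with a throwaway test CA and publisher (constructed names), and a detached signature over a file stands in for a platform's own code signing format. The last check shows why "if the system works as it is supposed to" matters: revocation only takes effect where the verifier actually consults the CA's revocation list.

```shell
#!/bin/sh
# Added example: test CA, publisher and "application" are all constructed.
W=$(mktemp -d)    # scratch directory for keys, certificates and the CRL
ca() { openssl ca -config "$W/ca.cnf" -keyfile "$W/ca.key" -cert "$W/ca.pem" "$@" 2>/dev/null; }

make_pki() {
  # Self-signed test CA.
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Example Test CA" \
    -keyout "$W/ca.key" -out "$W/ca.pem" 2>/dev/null
  # Publisher key and CSR; the CA issues a certificate limited to code signing.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=Example Publisher" \
    -keyout "$W/pub.key" -out "$W/pub.csr" 2>/dev/null
  echo "extendedKeyUsage=codeSigning" > "$W/ext.cnf"
  openssl x509 -req -in "$W/pub.csr" -CA "$W/ca.pem" -CAkey "$W/ca.key" \
    -set_serial 1 -days 1 -extfile "$W/ext.cnf" -out "$W/pub.pem" 2>/dev/null
  # Minimal CA database so `openssl ca` can record revocations and sign CRLs.
  : > "$W/index.txt"
  printf '[ca]\ndefault_ca=c\n[c]\ndatabase=%s/index.txt\ndefault_md=sha256\ndefault_crl_days=1\n' \
    "$W" > "$W/ca.cnf"
}

publish_crl()      { ca -gencrl -out "$W/crl.pem"; }            # CA signs its current CRL
revoke_publisher() { ca -revoke "$W/pub.pem" && publish_crl; }  # revoke, then republish
sign_app()         { openssl dgst -sha256 -sign "$W/pub.key" -out "$1.sig" "$1"; }

verify_app() {   # $1 = file; $2 = "crl" to also consult the CA's revocation list
  opts=""
  if [ "$2" = crl ]; then opts="-crl_check -CRLfile $W/crl.pem"; fi
  # 1) Was the publisher certificate issued by the trusted CA (and not revoked)?
  openssl verify -CAfile "$W/ca.pem" $opts "$W/pub.pem" >/dev/null 2>&1 || return 1
  # 2) Does the signature over the file match the key in that certificate?
  openssl x509 -in "$W/pub.pem" -pubkey -noout > "$W/pub.pub"
  openssl dgst -sha256 -verify "$W/pub.pub" -signature "$1.sig" "$1" >/dev/null 2>&1
}

make_pki
printf 'echo hello\n' > "$W/app.sh"    # constructed "application"
sign_app "$W/app.sh"
publish_crl
verify_app "$W/app.sh" crl && echo "before revocation: accepted"
revoke_publisher
verify_app "$W/app.sh" crl || echo "after revocation, CRL checked: rejected"
verify_app "$W/app.sh"     && echo "after revocation, CRL not checked: still accepted"
```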