EV Code Signing addresses two of the most commonly used vulnerabilities malware developers leverage to spread their malicious code – weak identity verification processes and poor private key protection.

• Strict vetting process – Applicants for EV Code Signing certificates go through a more rigorous application process than regular code signing certificates. In addition to verifying the publisher’s organization name, other corporate information, such as physical address and jurisdiction, are vetted. This thorough verification process makes it much more difficult for malware developers to impersonate and obtain a code signing credential to use for signing malware under the guise of a legitimate development company.

• Certificate stored on USB token – All GlobalSign Code Signing certificates are stored on cryptographic tokens. This makes it much more difficult for a malicious party to copy or steal the private key and use it to sign malicious software under the identity of the actual certificate holder.