Dennis on Cybersecurity

Digital Signatures & Lent

One is bad for your cholesterol

Dennis Underwood
Mar 20, 2026
∙ Paid

It is Tech Friday.
Not as tasty as Lent Fish Fry Friday, but better for your cholesterol.

Let's talk about digital signatures for a moment.
I know it was where you already guessed I was going.

Quick introduction on digital signatures:
Companies that use software need a way to ensure the software they are running is the same software published by the software developer.
Digital signatures are the most common way of doing that.
Think of them like the plastic seal around a bottle of medicine.

Both the programs themselves, and the libraries used, should realistically be digitally signed.
There are also mechanisms to do the signing properly.
It is a bit like Docusign or Adobe Acrobat Sign.
If you see one signature that Docusign has verified, then another signature on the page that is definitely NOT verified by Docusign, then you have an unenforceable contract.

Same thing with programs.
Less so with software libraries - that seems to be a bit of a Wild West scenario. (Non-Americans, please watch the documentary Back to the Future Part 3 for information about the American Wild West.)
We've already caught major vendors, including 2 security companies, having issues here with faulty software deployments. Cringe.

So we have things signed.
There are two types of signatures, depending on the environment.
One is the ye olde digital signature that security dudes and dudettes (collectively called "jabronis") already know, and the other is a protocol Microsoft created "back in the day" called Authenticode.
Think of Authenticode as the geekier, socially awkward person in your friend group.
If your response is, "we don't have one of those," then, my brother in engineering, I have some news for you.

Cyber Crucible, Inc. tracks these digital signatures, because there are certain programs our behavior models need to treat differently.
We still need to assess those programs, but the models need some tweaks while we verify that no hackery was done, or, if something was done, that it at least wasn't malicious.
The biggest category is the operating system itself.
We track Microsoft certificates very closely, because we need to closely interoperate with the OS.
So, when you see me comment like, "someone is having a bad day, we just saw over a dozen software releases in the past week", that's how we know.
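The two checks described above, the "plastic seal" (does the signature match the bytes you are about to run?) and the publisher tracking (is the signer one you expect, like the Microsoft certificates mentioned here?), as an added example that is not part of the original post or of any Cyber Crucible code. It uses Ed25519 from Go's standard library rather than Authenticode, and the vendor key, artifact bytes and trusted-publisher list are all constructed inside the program for the demo. It also enforces the Docusign rule from earlier in the post: an artifact with one good signature and one unverified or unknown one is rejected outright.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Signature is a detached signature over an artifact together with the
// public key that produced it, so a verifier can tell WHO signed, not just
// that something did.
type Signature struct {
	Signer ed25519.PublicKey
	Sig    []byte
}

// KeyID is a stable fingerprint of a public key (SHA-256 of the key bytes),
// the sort of value a trusted-publisher list is keyed on.
func KeyID(pub ed25519.PublicKey) string {
	h := sha256.Sum256(pub)
	return hex.EncodeToString(h[:])
}

// Sign hashes the artifact and signs the digest, mirroring software-signing
// schemes that sign a hash of the file rather than the file itself.
func Sign(priv ed25519.PrivateKey, artifact []byte) Signature {
	digest := sha256.Sum256(artifact)
	return Signature{
		Signer: priv.Public().(ed25519.PublicKey),
		Sig:    ed25519.Sign(priv, digest[:]),
	}
}

// Verdict records whether an artifact was accepted and why.
type Verdict struct {
	Accepted bool
	Reason   string
}

// Verify applies two checks to every signature: it must be cryptographically
// valid for THIS artifact, and its signer must be on the trusted list. A
// single invalid or unknown signature rejects the whole artifact.
func Verify(artifact []byte, sigs []Signature, trusted map[string]string) Verdict {
	if len(sigs) == 0 {
		return Verdict{false, "unsigned artifact"}
	}
	digest := sha256.Sum256(artifact)
	var publishers []string
	for i, s := range sigs {
		if !ed25519.Verify(s.Signer, digest[:], s.Sig) {
			return Verdict{false, fmt.Sprintf("signature %d does not verify: artifact modified or wrong key", i)}
		}
		name, ok := trusted[KeyID(s.Signer)]
		if !ok {
			return Verdict{false, fmt.Sprintf("signature %d is valid but signer %s is not a trusted publisher", i, KeyID(s.Signer)[:12])}
		}
		publishers = append(publishers, name)
	}
	return Verdict{true, fmt.Sprintf("accepted; signed by %v", publishers)}
}

// RunScenarios exercises the checks on constructed inputs. The keys come from
// fixed seeds only so the run is repeatable; a real publisher key is never
// derived this way.
func RunScenarios() []Verdict {
	vendor := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x01}, ed25519.SeedSize))
	stranger := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x02}, ed25519.SeedSize))

	// Trusted-publisher list: key fingerprint -> who we believe holds the key.
	trusted := map[string]string{
		KeyID(vendor.Public().(ed25519.PublicKey)): "Example Vendor (constructed)",
	}

	// Constructed stand-in for a program or library file.
	artifact := []byte("MZ\x90\x00 constructed program bytes")
	tampered := append([]byte{}, artifact...)
	tampered[len(tampered)-1] ^= 0xFF // one byte changed after signing

	return []Verdict{
		Verify(artifact, []Signature{Sign(vendor, artifact)}, trusted),                           // clean
		Verify(tampered, []Signature{Sign(vendor, artifact)}, trusted),                           // modified after signing
		Verify(artifact, []Signature{Sign(stranger, artifact)}, trusted),                         // valid but unknown signer
		Verify(artifact, []Signature{Sign(vendor, artifact), Sign(stranger, artifact)}, trusted), // one good, one unknown
		Verify(artifact, nil, trusted),                                                           // unsigned
	}
}

func main() {
	for i, v := range RunScenarios() {
		fmt.Printf("scenario %d: accepted=%v (%s)\n", i, v.Accepted, v.Reason)
	}
}
```

The point of separating the two failure reasons is the same one the post makes about tracking certificates: "signature valid" on its own says nothing about who signed, so a detection pipeline needs the publisher fingerprint in its allowlist as well as a good signature before it treats a program as the OS or a known vendor.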

Something you should never see in production environments is this software digital signature from January signing your Windows software. We waited to ensure it wasn't around in Cyber Crucible customer spaces for a long enough period of time, but still redacted part of the hash.
