SignaCert Announces General Availability of Whitelist ISV Harvest Program

Share Article

Leader in configuration-based whitelisting formalizes software whitelist aggregation programs for ISVs

Given SignaCert's background and expertise in software measurement and whitelisting methods, we very much value our partnership with them. We look forward to a long-term exchange of software package measurements that will ultimately contribute to an extended white list capability.

SignaCert, the leading provider of known-provenance whitelist content and methods for end-to-end IT standards-based trust and compliance solutions and partnerships, announced today general availability of its Whitelist Content Harvest Partner Program for ISVs and OEMs.

Included in all SignaCert Harvest Partner offerings is a license for early access to the Data Exchange Format (DEF), which was jointly developed by Microsoft and SignaCert, and will be made available later this year to the broader market as the de-facto standard whitelist exchange schema. The DEF schema includes fields to support provenance ranking, indicating the degree to which users can be confident that the software reflects the original build by the software author.

The benefits for ISV and OEM participation in these programs include having direct-from-supplier (known-provenance) measurements in a standards-based, vendor and data type neutral data-validation resource. These databases are seeing increasing interest from end-customers to ensure IT system software compliance and enhanced security. Programs are available to enable turnkey participation in the whitelist ecosystem including professional services and hardware/software tools.

The Whitelist Harvest Partner Program is tiered in terms of support as follows:

  • Base Harvest Program: Provides entry-level documentation and whitelist method and formats in order to understand the schema and base harvesting methods.
  • Mid-size ISV/OEM Support Program: Provides software tools and support to enable automated harvesting of whitelist content from a wide variety of software and package types including both Window and non-Windows formats. Nominal professional services support is included in the standard pricing.
  • Large ISV/OEM Support Programs: Includes hardware and software tools enabling fast and efficient harvest integration intended to directly interface into existing ISV build/release processes.

Whitelist methods are developing quickly in the market to supplement existing methods for information security, compliance, lifecycle management, and forensics. The SignaCert Global Trust Repository (GTR) is the largest vendor-independent, known-provenance commercial software whitelist repository and is available for license to any Partner and OEM applications for all use cases.

According to SignaCert founder and CEO Wyatt Starnes "We have finally reached the tipping point where whitelist methods clearly add strong defense-in-depth value to existing information security and compliance methods. SignaCert's patented technologies were designed from the ground up to support both known-provenance ISV content aggregation support as well as rich web services interfaces for OEM integration."

The Company announced a deep collaboration with Microsoft Reputation Services (MRS) team in April 2009 involving schema and method standardization. Further, MRS will supply measurements for Microsoft's commercially available software contained in the Microsoft Reputation Service; these will be supplied in the DEF standards directly to SignaCert, enabling the highest possible provenance score.

"Given SignaCert's background and expertise in software measurement and whitelisting methods, we very much value our partnership with them. We look forward to a long-term exchange of software package measurements that will ultimately contribute to an extended white list capability." said Greg Kohanim, Product Unit Manager of Microsoft.

In addition to the GTR content resources, SignaCert offers the Enterprise Trust Server, or ETS, enabling rich Configuration Whitelisting support for both end users and OEM integrators. The ETS brings GTR capability inside of the company's firewall. In additional to caching and comprehensive "over the wire" updating of GTR content to the database, ETS provides rich, web-based services to manage internal software as well as comprehensive reference configurations for the devices and IT systems.

About SignaCert
SignaCert is the leading provider of end-to-end and partner-based IT compliance solutions based on known-provenance whitelist technology. These methods allow SignaCert's direct customers to rapidly achieve and prove continuous compliance for the systems that deliver critical business services. The SignaCert architecture is designed to seamlessly integrate with existing change processes and continuously monitor critical business services without disruption.

Additionally, SignaCert's OEM and ISV Partners can supply to, or license content from, the SignaCert Global Trust Repository (GTR), adding new and important capabilities to their product offerings. All use cases are supported by a rich repository of vendor-independent software measurements. These "white" or "allow" list methods enable SignaCert's patented technology to be quickly deployed and provide immediate visibility into the actual state of IT infrastructure.

Founded in 2004 by 34-year IT security and compliance industry veteran Wyatt Starnes, SignaCert has assembled a world-class team of industry leaders with hands-on IT experience for its executive team, board of directors, and advisory board. SignaCert has received two US patents on IT whitelist method, and have registered these patents internationally.

SignaCert's end-customers span a wide variety of industries, including financial services, government, and healthcare.

For more general information visit:


Share article on social media or email:

View article via:

Pdf Print

Contact Author

Dawn Glockler
Visit website