I’ve been evaluating PSADT (for the company that I work for) as an alternative deployment wrapper solution to the internally developed solution that is presently in use. Part of this evaluation involves an in depth security assessment; I’ve been asked to make an inquiry to address a concern emphasized in the security assessment. Below is an excerpt from the assessment concerning signed executables/scripts in the PSADT.
Other observed vulnerabilities -Signing The PSADT products executable and scripts extracted did not appear to be signed. Recommendation to remediate: The security engineer recommends following up with the vendor/developers for a signed version of the product.
Question, are there any plans to sign executables/scripts included in the PSADT to satisfy Information Security vulnerability mitigation?