Blackboard should digitally sign installation files

Idea created by brian.bealer on Sep 4, 2018
    Under review
    Score0

    Blackboard should digitally sign installation files, including B2 war files, using a non-self-signed certificate.

     

    Verifying the authenticity of the software prior to installation validates the integrity of the software received from a vendor. This ensures the software has not been tampered with and that it has been provided by a trusted vendor.

     

    At a minimum, Blackboard should provide cryptographically secure file hash values for installation files and B2 war files using SHA256 or stronger algorithms.

     

    (Reference DoD Application Server Security Requirements Guide::VulnID: V-57495)

    Product Version (if applicable):0