Azure Updates: GitHub Universe; Signing Transparency; Azure Essentials

Microsoft CVP Jessica Hawk shared insights from the GitHub Universe event. GitHub has emphasized a new era of collaboration, with agents becoming a key part of software development. GitHub can run in the cloud or locally, supporting expanded security, scalability, and trust with Agent HQ. During the event, GitHub touted achievements like 180 million developers, 80 percent of developers using Copilot in the first week, and 4.3 million AI-related repositories. 

Microsoft CTO Mark Russinovich looked into ways to improve software supply chain security with Signing Transparency. Increasingly, attackers exploit code-signing certificates to create malicious updates. The goal of Signing Transparency is to improve verifiability and accounting at scale. 

“When it comes to software, Signing Transparency means every signed artifact signature is recorded in a tamper-evident, open source, publicly accessible ledger. This way, anyone can later query and audit the ledger to confirm when and what was signed, and by whom, including the ledger itself, making it much harder for attackers to hide malicious signatures,” Russinovich wrote. Signing Transparency is a cloud-managed service that leverages transparency logs to create auditable records of software signatures.

Cyril Belikoff, Vice President of Commercial Cloud and AI Marketing, explored ways to improve resiliency in the cloud with Azure Essentials.