Microsoft signs all code that ships from it (that is except for the case when it doesn’t); so how does one verify that the code came from them vs. anyone with a fraudulent certificate claiming to be them? Well the answer is pinning, but the pinning for the most part does not happen at the signing … Continue reading How one typically verifies code comes from Microsoft