INSIGHTS | October 31, 2025

Code Review & Dynamic Fuzzing of Microsoft’s Signing Transparency

Security Assessment of Microsoft’s Signing Transparency (ST)

IOActive performed a thorough security assessment of Microsoft’s Signing Transparency (ST) service, which is designed for use on Azure and is built on the Confidential Consortium Framework (CCF). The assessment focused on code review, dynamic analysis, and fuzz testing. Conducted from April to June 2025, the evaluation confirmed strong implementation security, secure integration, and compliance with ST’s objectives. Three informational findings suggested defence-in-depth improvements, and one medium-risk issue was resolved during the assessment. ST met its security commitments, though some assurances depend on hardware, system secrets, and users that were outside the scope of the assessment.