So what about EV code signing?
Regular readers of The SSL Blog will know that I talk frequently about Extended Validation SSL and occasionally about code signing. Well, the CA/Browser Forum is interested in tackling EV code signing next. After all, there are plenty of benefits to definitively knowing who originated the code you're considering installing, just as one might want to definitively know who operates a Web site that one is viewing.
I may get into this subject more later (surely I will), but for the moment it will suffice to state that with the emergence of malware as an important new social engineering attack vector, EV code signing could be an important empowering factor for Web users interested in their own safety. eWeek's Larry Seltzer sees potential good and bad in this scenario, and I'll let him speak for himself.