Software developers may often assert the legitimacy of their products to consumers by appending digital certificates to files they have created. A digital certificate may verify or identify the creator of a file by providing a “signature” that contains a hash of the file after it has been encrypted with a private key. A user or computing device wishing to verify the identity of the file's creator may decrypt the signature using a corresponding public key. In some examples, a digital certificate may be signed directly by the creator of a file (e.g., the creator may sign the certificate with their own private key). In other examples, software developers may request that a third party (e.g., a certificate authority) sign a digital certificate on their behalf. If a user accessing a file trusts the signer of the file's digital certificate, the user may conclude that the creator of the file is accurately asserting their identity and therefore trust content within the file. Otherwise, the user may conclude that the file is potentially malicious.
Unfortunately, traditional systems for determining reputations of digital certificate signers may be unable to accurately and efficiently classify signers as malicious or legitimate. For example, conventional security technologies may determine a reputation of a digital certificate signer based on reputations or security characteristics of files signed by the digital certificate signer. However, because digital certificate signers may sign thousands of digital certificates, such analyses may be costly, time-intensive, and ultimately ineffective. Moreover, due to the large numbers of files associated with digital certificate signers, incorrectly classifying a signer may result in widespread security concerns for users and enterprises. The instant disclosure, therefore, identifies and addresses a need for systems and methods for determining reputations of digital certificate signers.