I'm startled that there's no mention of app whitelisting yet.
Code signing reduces ops overhead and latency in environments that are using app whitelisting.
If the code is signed, then the signing certificate can be trusted once. All upgrades and patches that are signed with that certificate can be automatically whitelisted, with no intervention from teams managing the whitelisting.
But if the code isn't signed, then if even a single byte changes in the executable, it must be re-whitelisted - usually manually.
The more signed apps there are, the easier it is for companies to start using application whitelisting, the fewer people are needed to maintain it, and the faster patches to those applications can be deployed. Making it easier for companies to move to whitelisting increases security for the ecosystem in the aggregate.
Code signing reduces ops overhead and latency in environments that are using app whitelisting.
If the code is signed, then the signing certificate can be trusted once. All upgrades and patches that are signed with that certificate can be automatically whitelisted, with no intervention from teams managing the whitelisting.
But if the code isn't signed, then if even a single byte changes in the executable, it must be re-whitelisted - usually manually.
The more signed apps there are, the easier it is for companies to start using application whitelisting, the fewer people are needed to maintain it, and the faster patches to those applications can be deployed. Making it easier for companies to move to whitelisting increases security for the ecosystem in the aggregate.