feat: add Cosign comparison

Author: VinnyBarton

marketing/content/securesbom_vs_cosign.md …keting/content/securesbom_vs_sigstore.mdmarketing/content/securesbom_vs_cosign.md renamed to marketing/content/securesbom_vs_sigstore.md marketing/content/securesbom_vs_cosign.md renamed to marketing/content/securesbom_vs_sigstore.md

@@ -5,75 +5,72 @@ date: 2025-10-20
 draft: false
 ---
 
-# SecureSBOM vs Sigstore
-
 A detailed comparison of **SecureSBOM** and **Sigstore**, two solutions addressing software supply chain integrity through signing and verification technologies.  
-While **Sigstore** focuses primarily on open-source ecosystems and OCI artifacts, **SecureSBOM** is built for enterprise-grade SBOM signing, verification, and compliance.
+While **Sigstore** focuses primarily on open-source projects and OCI artifacts, **SecureSBOM** is built for enterprise-grade SBOM signing, verification, and compliance.
 
 ---
 
 ## 🧩 Primary Use Case
 
 | Tool | Description |
 |------|--------------|
-| **Sigstore** | Open Source Software, OCI-Focused (SBOMs attached as a container artifact). |
 | **SecureSBOM** | Business / Enterprise Software, purpose-built for SBOM signing and verification. |
+| **Sigstore** | Open Source Software, OCI-Focused (SBOMs attached as a container artifact). |
 
 ---
 
 ## 📘 SBOM Support
 
 | Tool | Description |
 |------|--------------|
-| **Sigstore** | Treats all SBOMs as simple blobs. Supports **detached signatures only** for both SPDX and CycloneDX. |
 | **SecureSBOM** | Integrates directly with the **CycloneDX SBOM format** — supports **embedded signatures**, **property exclusion**, and also supports **SPDX detached signatures**. |
+| **Sigstore** | Treats all SBOMs as simple blobs. Supports **detached signatures only** for both SPDX and CycloneDX. |
 
 ---
 
 ## 🔐 Key Management
 
 | Tool | Description |
 |------|--------------|
+| **SecureSBOM** | **Automated** key lifecycle management using **HSMs**. Ideal for enterprise compliance and long-term trust. |
 | **Sigstore** | Ephemeral, short-lived keys/certificates from **Fulcio** with **OIDC authentication** — or manual key management (local or via cloud providers like GCP/AWS). |
-| **SecureSBOM** | **Automated** key lifecycle management using **cloud HSMs**. Ideal for enterprise compliance and long-term trust. |
 
 ---
 
 ## 🪪 Authentication
 
 | Tool | Description |
 |------|--------------|
-| **Sigstore** | OIDC (for keyless signing) or manual authentication for self-managed keys. |
 | **SecureSBOM** | Authenticated via **API Key**, enabling fine-grained access control and multi-tenant isolation. |
+| **Sigstore** | OIDC (for keyless signing) or external, self-managed authentication mechanisms. |
 
 ---
 
 ## 🔍 Transparency
 
 | Tool | Description |
 |------|--------------|
-| **Sigstore** | Public Record via **Rekor** (Certificate Transparency Logs). Verification relies on transparency records and public keys. |
 | **SecureSBOM** | **Private Record** system — verification performed using the **associated public key**, keeping enterprise signing activity confidential. |
+| **Sigstore** | Public record via public transparency logs. Verification relies on public keys and the public transparency logs. |
 
 ---
 
 ## 🧠 Summary
 
-- **Sigstore** simplifies signing for open-source contributors and CI/CD pipelines relying on OIDC identity proof and public transparency.  
-- **SecureSBOM** focuses on enterprise adoption, providing stronger SBOM format integration, private key isolation, HSM-backed signing, and internal verification capabilities.  
+- **SecureSBOM** focuses on enterprise adoption, providing stronger SBOM format integration, private key isolation, HSM-backed signing, and internal verification capabilities.
+- **Sigstore** simplifies signing for open-source projects and CI/CD pipelines relying on OIDC identity proof and public transparency.
 
 ---
 
 ### ✅ Ideal Fit
 
 | Use Case | Recommended Solution |
 |-----------|----------------------|
-| Open Source Ecosystems | **Sigstore** |
 | Enterprise Software & Supply Chain Security | **SecureSBOM** |
+| Open Source Projects | **Sigstore** |
 
 ---
 
 Want to learn more?  
 - [SecureSBOM Overview](/securesbom)  
 - [Sigstore Project](https://sigstore.dev)
-

marketing/hugo.toml

@@ -63,8 +63,8 @@ googleAnalytics = "G-CR0HB4HF2K"
 
   [[menu.main]]
     identifier = "securesbom_vs_cosign"
-    name = "SecureSBOM vs Cosign"
-    url = "/securesbom_vs_cosign/"
+    name = "SecureSBOM vs Sigstore"
+    url = "/securesbom_vs_sigstore/"
     weight = 2
 
   # ToDo - Add this back in when we have a better grasp of our professional services