It's not free but it's not expensive either. Most well known Windows open source projects have them; e.g. PuTTY, Wireguard, VLC, Rufus, etc.

Maybe it's high time for a free-as-in-beer CA for non-profit open source developers funded by donations?

Edit: I was wrong.

Prices on code signing certificates have skyrocketed to in excess of $500/year, due in part to continuing meddling by the CA/B forum which increased the requirements of standard certs to be the same as EV certs, and requiring the key to be stored in a hardware token—which must now be re-issued yearly.

This makes it near impossible to provide free or affordable certificates to developers. Thanks CA/B forum, lots of help as usual.

We're up for renewal with PortableApps.com. The same one year non-EV code signing certificate with a USB token that was US$246 last year is now US$434 from GlobalSign. The lower prices you see some places are for 2+ years.

Note that the certificate itself is only for 1 year regardless of how long you buy one for and you need to go through the renewal process each year just without payment.