Maintaining The Update Framework (TUF) - Insights and Contributions
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore the intricacies of maintaining The Update Framework (TUF) in this insightful talk by Joshua Lock from Verizon and Lukas Pühringer from NYU Tandon School of Engineering. Delve into the framework's role in securing content delivery and updates, its resilience against supply chain attacks, and its unique organizational structure comprising a specification, standardization process, and multiple implementations. Gain valuable insights into the different needs of various subprojects and witness a walkthrough of the recent reference implementation rewrite. Discover numerous opportunities to contribute to TUF and become part of its welcoming community dedicated to enhancing software supply chain security. Learn about TUF's origins in peer-reviewed research, its widespread adoption, and its status as a linchpin open-source project with third-party security audits. Understand the framework's specification primitives, implementation layering, and the Repository Service for TUF.
Syllabus
Intro
Software Supply Chain (SSC)
The Update Framework (TUF)
Originated in peer-reviewed research
Widely adopted and adapted
Linchpin open source project
Third-party security audit
TUF specification primitives
TUF implementation layering
Repository Service for TUF
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Toto-Ally TUF: Simple Tools for a Secure Software Supply Chain
Linux Foundation via YouTube
Software Supply Chain Security Case Study at Anaconda
Linux Foundation via YouTube
Securing the Container Supply Chain with Notary, TUF, and Gatekeeper
Linux Foundation via YouTube
Improving Package Repository Security - From White Papers to Practice
Linux Foundation via YouTube
Container Security: Supply Chain, Authorization, and Runtime Protection
Docker via YouTube