TUF-En Up Your Signatures - Enhancing Software Distribution Security

Explore the critical role of software signing and verification in supply chain security through this 26-minute conference talk by Marina Moore and Justin Cappos from NYU. Dive into The Update Framework (TUF), a technology utilized by sigstore, Notary, and Google Fuchsia for enhanced software artifact security. Learn about TUF's key features, its integration across diverse fields like container registries and automobiles, and its ability to determine appropriate key usage while preventing known attacks on software update systems. Discover upcoming developments aimed at improving secure software distribution at scale, enhancing usability, and emerging TUF applications. Gain valuable insights into strengthening your organization's software security practices and staying ahead of potential threats in the ever-evolving landscape of supply chain security.

TUF-En Up Your Signatures - Marina Moore & Justin Cappos, NYU