The Update Framework (TUF) Maintainer Panel: Integrations, Enhancements, and Supply Chain Security
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Participate in a 40-minute panel discussion featuring maintainers from The Update Framework (TUF) projects, moderated by Andrew Krug from Datadog. Gain insights into new and upcoming TUF integrations and enhancements, exploring how the specification provides compromise-resilient security for software updates and distribution. Learn about TUF implementations in Python, Go, and Rust, used in production by organizations like Datadog, AWS BottleRocket, Google Fuchsia, and Sigstore. Discover the project's current state, its role in improving supply chain security, and behind-the-scenes perspectives on integrations with Sigstore and PyPI. Explore unique challenges surrounding maintenance, vulnerability disclosure, and consumption of an open-source project with multiple implementations. The discussion covers topics such as software repository management, top projects, cross-compatibility, continuous improvement, and future directions for TUF.
Syllabus
Intro
Introductions
Andrew Krug
Software Repository
Top Project
Cross Compatibility
Continuous Improvement
Whats Next
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Toto-Ally TUF: Simple Tools for a Secure Software Supply ChainLinux Foundation via YouTube Software Supply Chain Security Case Study at Anaconda
Linux Foundation via YouTube Securing the Container Supply Chain with Notary, TUF, and Gatekeeper
Linux Foundation via YouTube Improving Package Repository Security - From White Papers to Practice
Linux Foundation via YouTube Container Security: Supply Chain, Authorization, and Runtime Protection
Docker via YouTube