Maintaining The Update Framework (TUF) - Insights and Contributions
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Explore the intricacies of maintaining The Update Framework (TUF) in this insightful talk by Joshua Lock from Verizon and Lukas Pühringer from NYU Tandon School of Engineering. Delve into the framework's role in securing content delivery and updates, its resilience against supply chain attacks, and its unique organizational structure comprising a specification, standardization process, and multiple implementations. Gain valuable insights into the different needs of various subprojects and witness a walkthrough of the recent reference implementation rewrite. Discover numerous opportunities to contribute to TUF and become part of its welcoming community dedicated to enhancing software supply chain security. Learn about TUF's origins in peer-reviewed research, its widespread adoption, and its status as a linchpin open-source project with third-party security audits. Understand the framework's specification primitives, implementation layering, and the Repository Service for TUF.
Syllabus
Intro
Software Supply Chain (SSC)
The Update Framework (TUF)
Originated in peer-reviewed research
Widely adopted and adapted
Linchpin open-source project
Third-party security audit
TUF specification primitives
TUF implementation layering
Repository Service for TUF
Taught by
CNCF [Cloud Native Computing Foundation]