Explore the critical role of software signing and verification in supply chain security through this 26-minute conference talk by Marina Moore and Justin Cappos from NYU. Dive into The Update Framework (TUF), a technology utilized by sigstore, Notary, and Google Fuchsia for enhanced software artifact security. Learn about TUF's key features, its integration across diverse fields like container registries and automobiles, and its ability to determine appropriate key usage while preventing known attacks on software update systems. Discover upcoming developments aimed at improving secure software distribution at scale, enhancing usability, and emerging TUF applications. Gain valuable insights into strengthening your organization's software security practices and staying ahead of potential threats in the ever-evolving landscape of supply chain security.
TUF-En Up Your Signatures - Enhancing Software Distribution Security
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
TUF-En Up Your Signatures - Marina Moore & Justin Cappos, NYU
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Secure Transport for Your Software Supply Chain with TUF
-
Verifying Software Signatures with TUF and Sigstore
-
No Keys? No Problem - Why You Can Trust Sigstore Signatures
-
Beyond Signatures - Using TUF and Notary to Secure Software Distribution
-
Toto-Ally TUF: Simple Tools for a Secure Software Supply Chain
-
Securing the Software Supply Chain with TUF and Docker - Protecting Against Distribution Attacks
