Overview
Explore a technical talk that delves into The Update Framework (TUF) and its expanding role in secure software distribution. Learn how TUF addresses the challenges of managing and distributing various types of metadata including attestations, SBOMs, and VEX statements in the software supply chain. Discover the framework's capabilities in ensuring data integrity and tamper resistance while keeping information current. Examine recent integrations with major platforms like Docker and Github, and understand the ongoing efforts for conformance testing across different TUF implementations. Get insights into how organizations can leverage TUF beyond traditional software updates to secure the distribution of signing keys and other critical metadata. Find out how to contribute to the active TUF community and participate in the project's continuous improvement efforts.
Syllabus
TUF: Secure Distribution Beyond Software - Marina Moore, Independent
Taught by
CNCF [Cloud Native Computing Foundation]