Explore a technical talk that delves into The Update Framework (TUF) and its expanding role in secure software distribution. Learn how TUF addresses the challenges of managing and distributing various types of metadata including attestations, SBOMs, and VEX statements in the software supply chain. Discover the framework's capabilities in ensuring data integrity and tamper resistance while keeping information current. Examine recent integrations with major platforms like Docker and Github, and understand the ongoing efforts for conformance testing across different TUF implementations. Get insights into how organizations can leverage TUF beyond traditional software updates to secure the distribution of signing keys and other critical metadata. Find out how to contribute to the active TUF community and participate in the project's continuous improvement efforts.
Overview
Syllabus
TUF: Secure Distribution Beyond Software - Marina Moore, Independent
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
TUF - Secure Distribution Beyond Software
-
Toto-Ally TUF: Simple Tools for a Secure Software Supply Chain
-
Secure Transport for Your Software Supply Chain with TUF
-
Talking TUF: Securing Software Distribution
-
Demystify Secure Software Supply Chain Metadata
-
TUF-En Up Your Signatures - Enhancing Software Distribution Security
