Overview
Explore a technical talk that delves into The Update Framework (TUF) and its expanding role in secure software distribution. Learn how TUF addresses the challenges of managing and distributing various types of metadata including attestations, SBOMs, and VEX statements in the software supply chain. Discover recent improvements and integrations implemented by Docker and Github, along with efforts to establish conformance testing across different TUF implementations. Understand how TUF ensures data integrity and up-to-date information while protecting against tampering. Get insights into the active development community behind TUF and find out how to contribute to this evolving project that's shaping secure software distribution in the cloud native ecosystem.
Syllabus
TUF: Secure Distribution Beyond Software - Marina Moore, Independent
Taught by
CNCF [Cloud Native Computing Foundation]