Explore a technical talk that delves into The Update Framework (TUF) and its expanding role in secure software distribution. Learn how TUF addresses the challenges of managing and distributing various types of metadata including attestations, SBOMs, and VEX statements in the software supply chain. Discover recent improvements and integrations implemented by Docker and Github, along with efforts to establish conformance testing across different TUF implementations. Understand how TUF ensures data integrity and up-to-date information while protecting against tampering. Get insights into the active development community behind TUF and find out how to contribute to this evolving project that's shaping secure software distribution in the cloud native ecosystem.
Overview
Syllabus
TUF: Secure Distribution Beyond Software - Marina Moore, Independent
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
TUF - Secure Distribution Beyond Software
-
Toto-Ally TUF: Simple Tools for a Secure Software Supply Chain
-
Secure Transport for Your Software Supply Chain with TUF
-
Demystify Secure Software Supply Chain Metadata
-
Talking TUF: Securing Software Distribution
-
TUF-En Up Your Signatures - Enhancing Software Distribution Security
