Blogs

How we securely autoupdate Osquery at Kolide

Published on: May 3, 2024

How We Securely Autoupdate Osquery at Kolide using The Update Framework(TUF).

Read more

Security audit of go-tuf The Update Framework

Published on: August 30, 2023

In this post, we’ll share the results of a recent security assessment of the Go implementation of TUF. go-tuf is one of the most widely adopted TUF implementations used by many projects, including sigstore

Read more

Safety for All with Repository Service for TUF

Published on: June 6, 2023

Repository Service for TUF is part of VMware’s broader investment to help improve security across the industry’s software supply chain.

Read more

Using The Update Framework in Sigstore

Published on: August 11, 2021

We use TUF in the Sigstore project to protect our own keys and infrastructure, but we’re also hoping to make it possible for end users to use TUF on their own, using the Sigstore tools. I call this the TUF sandwich!

Read more

Enhancing Software Update Security With TUF (The Update Framework)

Published on: September 10, 2020

The Update Framework (TUF) is a flexible, open source framework and specification that developers can adopt into any software update system.

Read more

Secure Software Updates via TUF — Part 2

Published on: September 1, 2020

TUF secures the software update delivery system using mechanisms such as roles, their signatures (PKI), threshold number of signatures, file hashes, and file size.

Read more

Secure Software Updates via TUF — Part 1

Published on: August 18, 2020

Software is all around us and we see them getting regularly updated. How secure are these updates? What are the reasons for securing them? How do they (secure updates) work under the hood?

Read more

How TUF can secure software systems from update vulnerabilities

Published on: August 1, 2020

Over the past couple years, The Update Framework (TUF) has grown into a de facto standard to secure software system updates for many kinds of applications.

Read more

CNCF Graduates TUF Project to Secure Software Updates

Published on: December 18, 2019

The Update Framework (TUF) is made up of a set of libraries, file formats and utilities that can authenticate files and images before they are downloaded from a software repository.

Read more

Fuchsia Friday: Amber keeps Fuchsia up to date and secure

Published on: March 9, 2018

Newest additions to Fuchsia is The Update Framework “with the ambition of updating all components running on a Fuchsia system” including basic things like apps all the way down to the Zircon kernel and the bootloader.

Read more

How The Update Framework Improves Security of Software Updates

Published on: April 24, 2017

How can software be updated securely? That’s the challenge that The Update Framework (TUF) aims to solve.

Read more

Exploring Docker Security – Part 3: Docker Content Trust

Published on: September 13, 2016

Obtaining Docker images from private or public Docker Registries is affected by the same issues as every software update system: It must be ensured that a client can always verify the publisher of the content and got latest version of the image.

Read more

Securing RubyGems with TUF, Part 3

Published on: December 10, 2013

How The Update Framework (TUF) enables developers to securely sign for their code, protecting clients from installing maliciously modified gems.

Read more

Securing RubyGems with TUF, Part 2

Published on: December 9, 2013

How The Update Framework (TUF) protects clients from installing maliciously modified gems. In this post, we extend that system to allow developers to update their own gems.

Read more

Securing RubyGems with TUF, Part 1

Published on: December 6, 2013

In this series of blog posts, I aim to explain the fundamental concepts of TUF and how they apply to RubyGems.

Read more

  Contents