press mention

JustinCappos · JustinCappos · commit 651b91d97ade · 2025-06-13T21:45:51.000-04:00
diff --git a/personalpages/jcappos/index.htm b/personalpages/jcappos/index.htm
@@ -123,7 +123,7 @@ <h2 class="title">Contact</h2>
 <ul>
 
 <li> <a href="https://theupdateframework.com/">TUF</a>, a
-graduated CNCF project which is used to secure software repositories both in
+  graduated <a href="https://www.cncf.io/">CNCF</a> project which is used to secure software repositories both in
 the cloud and 
  <a href="https://pyfound.blogspot.com/2020/10/key-generation-and-signing-ceremony-for.html">a</>
  <a href="https://blog.sigstore.dev/sigstore-bring-your-own-stuf-with-tuf-40febfd2badd">variety</a>
@@ -132,19 +132,25 @@ <h2 class="title">Contact</h2>
  <a href="https://www.linuxfoundation.org/press/announcing-openpubkey-project">use</a>
  <a href="https://engineering.nyu.edu/news/national-science-foundation-funds-nyu-tandon-school-engineering-project-safeguard-us-laws-and">cases</a>,
 
-<li> 
-<a href="https://in-toto.io/">in-toto</a>, an incubating level CNCF project,
+<li>
+<a href="https://in-toto.io/">in-toto</a>, a graduated level CNCF project,
 which is used by thousands of companies to secure the software supply chain 
 (and is also being <a href="https://sbomit.dev/">extended to secure SBOMs</a>),
 
+<li>
+<a href="https://gittuf.dev/">gittuf</a>, an incubating level 
+<a href="https://openssf.org/">OpenSSF</a> project which secures users of Git 
+repositories and forges 
+(e.g., GitHub, GitLab, etc.) against supply chain attacks, and
+
 <li> <a href="https://uptane.github.io/">Uptane</a>, a JDF project for securing
 automotive software updaters against nation-state actors, which is both a 
 <a href="https://uptane.org/docs/standard/uptane-standard">JDF</a>
 and <a href="https://ieee-isto.org/">IEEE/ISTO</a> standard.
 
 </ul>
 
-He created and facilitates the Linux Foundation's TAG Security <a href="https://github.com/cncf/tag-security/tree/main/assessments">security assessment process</a> and wrote <a href="https://tag-security.cncf.io/community/assessments/Open_and_Secure.pdf">a book</a> about it.
+He created and facilitates the Linux Foundation's TAG Security and Compliance <a href="https://github.com/cncf/tag-security/tree/main/assessments">security assessment process</a> and wrote <a href="https://tag-security.cncf.io/community/assessments/Open_and_Secure.pdf">a book</a> about it.
 His open source <a href="/projects">research advances</a> 
 are adopted into production use by Docker, git, Python, VMware, automobiles, 
 Cloudflare, Microsoft, Amazon, Google, IBM, Digital Ocean, and major Linux 
diff --git a/personalpages/jcappos/press.htm b/personalpages/jcappos/press.htm
@@ -727,6 +727,14 @@ <h3>Quick links</h3>
 </p>
 
 
+<p><strong>"Attestations: A new generation of signatures on PyPI"</strong>
+<a href="https://blog.trailofbits.com/2024/11/14/attestations-a-new-generation-of-signatures-on-pypi/">Article</a> 
+(press coverage related to <a href="https://in-toto.io/">in-toto</a>) </br>
+The Trail of Bits Blog, November 2024.
+</p>
+
+
+
 <p><strong>"How do video game companies like Game Freak keep getting hacked?"</strong>
 <a href="https://www.polygon.com/analysis/465967/pokemon-game-freak-nintendo-hack-leak">Article</a> </br>
 Polygon, October 2024.
