|
| 1 | +--- |
| 2 | +title: Blogs |
| 3 | +--- |
| 4 | + |
| 5 | + |
| 6 | +> ## Enhancing Software Update Security With TUF (The Update Framework) |
| 7 | +> |
| 8 | +> The Update Framework (TUF) is a flexible, open source framework and specification that developers can adopt into any software update system |
| 9 | +> |
| 10 | +> [](https://blogs.vmware.com/opensource/2020/09/10/tuf-enhancing-software-update-security/) |
| 11 | +
|
| 12 | +--- |
| 13 | + |
| 14 | +> ## Security audit of go-tuf The Update Framework |
| 15 | +> |
| 16 | +> In this post, we’ll share the results of a recent security assessment of the Go implementation of TUF. go-tuf is one of the most widely adopted TUF implementations used by many projects, including sigstore |
| 17 | +> |
| 18 | +> [](https://blogs.vmware.com/opensource/2023/08/30/security-audit-of-go-tuf-the-update-framework/) |
| 19 | +
|
| 20 | +--- |
| 21 | + |
| 22 | +> ## Safety for All with Repository Service for TUF |
| 23 | +> |
| 24 | +> Repository Service for TUF is part of VMware’s broader investment to help improve security across the industry’s software supply chain. |
| 25 | +> |
| 26 | +> [](https://blogs.vmware.com/opensource/2023/06/06/safety-for-all-with-repository-service-for-tuf-2/) |
| 27 | +
|
| 28 | +--- |
| 29 | + |
| 30 | +> ## Using The Update Framework in Sigstore |
| 31 | +> |
| 32 | +> We use TUF in the Sigstore project to protect our own keys and infrastructure, but we’re also hoping to make it possible for end users to use TUF on their own, using the Sigstore tools. I call this the TUF sandwich! |
| 33 | +> |
| 34 | +> [](https://dlorenc.medium.com/using-the-update-framework-in-sigstore-dc393cfe6b52) |
| 35 | +
|
| 36 | +--- |
| 37 | + |
| 38 | +> ## Securing RubyGems with TUF, Part 1 |
| 39 | +> |
| 40 | +> In this series of blog posts, I aim to explain the fundamental concepts of TUF and how they apply to RubyGems. |
| 41 | +> |
| 42 | +> [](https://developer.squareup.com/blog/securing-rubygems-with-tuf-part-1/) |
| 43 | +
|
| 44 | +--- |
| 45 | + |
| 46 | +> ## Securing RubyGems with TUF, Part 2 |
| 47 | +> |
| 48 | +> How The Update Framework (TUF) protects clients from installing maliciously modified gems. In this post, we extend that system to allow developers to update their own gems. |
| 49 | +> |
| 50 | +> [](https://developer.squareup.com/blog/securing-rubygems-with-tuf-part-2/) |
| 51 | +
|
| 52 | +--- |
| 53 | + |
| 54 | +> ## Securing RubyGems with TUF, Part 3 |
| 55 | +> |
| 56 | +> How The Update Framework (TUF) enables developers to securely sign for their code, protecting clients from installing maliciously modified gems. |
| 57 | +> |
| 58 | +> [](https://developer.squareup.com/blog/securing-rubygems-with-tuf-part-3/) |
| 59 | +
|
| 60 | +--- |
| 61 | + |
| 62 | +> ## How TUF can secure software systems from update vulnerabilities |
| 63 | +> |
| 64 | +> Over the past couple years, The Update Framework (TUF) has grown into a de facto standard to secure software system updates for many kinds of applications. |
| 65 | +> |
| 66 | +> [](https://www.theserverside.com/blog/Coffee-Talk-Java-News-Stories-and-Opinions/How-TUF-can-secure-software-systems-from-update-vulnerabilities) |
| 67 | +
|
| 68 | +--- |
| 69 | + |
| 70 | +> ## How we securely autoupdate Osquery at Kolide |
| 71 | +> |
| 72 | +> How We Securely Autoupdate Osquery at Kolide using The Update Framework(TUF). |
| 73 | +> |
| 74 | +> [](https://blog.kolide.com/how-we-securely-autoupdate-osquery-at-kolide-b0eda6ad05f6) |
| 75 | +
|
| 76 | +--- |
| 77 | + |
| 78 | +> ## CNCF Graduates TUF Project to Secure Software Updates |
| 79 | +> |
| 80 | +> The Update Framework (TUF) is made up of a set of libraries, file formats and utilities that can authenticate files and images before they are downloaded from a software repository. |
| 81 | +> |
| 82 | +> [](https://devops.com/cncf-graduates-tuf-project-to-secure-software-updates/) |
| 83 | +
|
| 84 | +--- |
| 85 | + |
| 86 | +> ## Exploring Docker Security – Part 3: Docker Content Trust |
| 87 | +> |
| 88 | +> Obtaining Docker images from private or public Docker Registries is affected by the same issues as every software update system: It must be ensured that a client can always verify the publisher of the content and got latest version of the image. |
| 89 | +> |
| 90 | +> [](https://blog.mi.hdm-stuttgart.de/index.php/2016/09/13/exploring-docker-security-part-3-docker-content-trust/) |
| 91 | +
|
| 92 | +--- |
| 93 | + |
| 94 | +> ## Fuchsia Friday: Amber keeps Fuchsia up to date and secure |
| 95 | +> |
| 96 | +> Newest additions to Fuchsia is The Update Framework “with the ambition of updating all components running on a Fuchsia system” including basic things like apps all the way down to the Zircon kernel and the bootloader. |
| 97 | +> |
| 98 | +> [](https://9to5google.com/2018/03/09/fuchsia-friday-amber-keeps-fuchsia-up-to-date-and-secure/) |
| 99 | +
|
| 100 | +--- |
| 101 | + |
| 102 | +> ## Secure Software Updates via TUF — Part 1 |
| 103 | +> |
| 104 | +> Software is all around us and we see them getting regularly updated. How secure are these updates? What are the reasons for securing them? How do they (secure updates) work under the hood? |
| 105 | +> |
| 106 | +> [](https://medium.com/@mulgundmath/secure-software-updates-via-tuf-part-1-f9bbb34bcbbc) |
| 107 | +
|
| 108 | +--- |
| 109 | + |
| 110 | +> ## Secure Software Updates via TUF — Part 2 |
| 111 | +> |
| 112 | +> TUF secures the software update delivery system using mechanisms such as roles, their signatures (PKI), threshold number of signatures, file hashes, and file size. |
| 113 | +> |
| 114 | +> [](https://medium.com/@mulgundmath/secure-software-updates-via-tuf-part-2-412c6a2b10ab) |
| 115 | +
|
| 116 | +--- |
| 117 | + |
| 118 | +> ## How The Update Framework Improves Security of Software Updates |
| 119 | +> |
| 120 | +> how can software be updated securely? That’s the challenge that The Update Framework (TUF) aims to solve. |
| 121 | +> |
| 122 | +> [](https://www.eweek.com/security/how-the-update-framework-improves-security-of-software-updates/) |
0 commit comments