|
| 1 | +--- |
| 2 | +title: Blogs |
| 3 | +--- |
| 4 | + |
| 5 | + |
| 6 | +> ## Securing RubyGems with TUF, Part 1 |
| 7 | +> |
| 8 | +> In this series of blog posts, I aim to explain the fundamental concepts of TUF and how they apply to RubyGems. |
| 9 | +> |
| 10 | +> [](https://developer.squareup.com/blog/securing-rubygems-with-tuf-part-1/) |
| 11 | +
|
| 12 | +--- |
| 13 | + |
| 14 | +> ## Securing RubyGems with TUF, Part 2 |
| 15 | +> |
| 16 | +> How The Update Framework (TUF) protects clients from installing maliciously modified gems. In this post, we extend that system to allow developers to update their own gems. |
| 17 | +> |
| 18 | +> [](https://developer.squareup.com/blog/securing-rubygems-with-tuf-part-2/) |
| 19 | +
|
| 20 | +--- |
| 21 | + |
| 22 | +> ## Securing RubyGems with TUF, Part 3 |
| 23 | +> |
| 24 | +> How The Update Framework (TUF) enables developers to securely sign for their code, protecting clients from installing maliciously modified gems. |
| 25 | +> |
| 26 | +> [](https://developer.squareup.com/blog/securing-rubygems-with-tuf-part-3/) |
| 27 | +
|
| 28 | +--- |
| 29 | + |
| 30 | +> ## How TUF can secure software systems from update vulnerabilities |
| 31 | +> |
| 32 | +> Over the past couple years, The Update Framework (TUF) has grown into a de facto standard to secure software system updates for many kinds of applications. |
| 33 | +> |
| 34 | +> [](https://www.theserverside.com/blog/Coffee-Talk-Java-News-Stories-and-Opinions/How-TUF-can-secure-software-systems-from-update-vulnerabilities) |
| 35 | +
|
| 36 | +--- |
| 37 | + |
| 38 | +> ## How we securely autoupdate Osquery at Kolide |
| 39 | +> |
| 40 | +> How We Securely Autoupdate Osquery at Kolide using The Update Framework(TUF). |
| 41 | +> |
| 42 | +> [](https://blog.kolide.com/how-we-securely-autoupdate-osquery-at-kolide-b0eda6ad05f6) |
| 43 | +
|
| 44 | +--- |
| 45 | + |
| 46 | +> ## CNCF Graduates TUF Project to Secure Software Updates |
| 47 | +> |
| 48 | +> The Update Framework (TUF) is made up of a set of libraries, file formats and utilities that can authenticate files and images before they are downloaded from a software repository. |
| 49 | +> |
| 50 | +> [](https://devops.com/cncf-graduates-tuf-project-to-secure-software-updates/) |
| 51 | +
|
| 52 | +--- |
| 53 | + |
| 54 | +> ## Exploring Docker Security – Part 3: Docker Content Trust |
| 55 | +> |
| 56 | +> Obtaining Docker images from private or public Docker Registries is affected by the same issues as every software update system: It must be ensured that a client can always verify the publisher of the content and got latest version of the image. |
| 57 | +> |
| 58 | +> [](https://blog.mi.hdm-stuttgart.de/index.php/2016/09/13/exploring-docker-security-part-3-docker-content-trust/) |
| 59 | +
|
| 60 | +--- |
| 61 | + |
| 62 | +> ## Fuchsia Friday: Amber keeps Fuchsia up to date and secure |
| 63 | +> |
| 64 | +> Newest additions to Fuchsia is The Update Framework “with the ambition of updating all components running on a Fuchsia system” including basic things like apps all the way down to the Zircon kernel and the bootloader. |
| 65 | +> |
| 66 | +> [](https://9to5google.com/2018/03/09/fuchsia-friday-amber-keeps-fuchsia-up-to-date-and-secure/) |
| 67 | +
|
| 68 | +--- |
| 69 | + |
| 70 | +> ## Secure Software Updates via TUF — Part 1 |
| 71 | +> |
| 72 | +> Software is all around us and we see them getting regularly updated. How secure are these updates? What are the reasons for securing them? How do they (secure updates) work under the hood? |
| 73 | +> |
| 74 | +> [](https://medium.com/@mulgundmath/secure-software-updates-via-tuf-part-1-f9bbb34bcbbc) |
| 75 | +
|
| 76 | +--- |
| 77 | + |
| 78 | +> ## Secure Software Updates via TUF — Part 2 |
| 79 | +> |
| 80 | +> TUF secures the software update delivery system using mechanisms such as roles, their signatures (PKI), threshold number of signatures, file hashes, and file size. |
| 81 | +> |
| 82 | +> [](https://medium.com/@mulgundmath/secure-software-updates-via-tuf-part-2-412c6a2b10ab) |
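Review bot: every entry's link has empty link text, for example `[](https://developer.squareup.com/blog/securing-rubygems-with-tuf-part-1/)` at line 10, and the same pattern repeats through line 82, so Markdown will render an anchor with nothing visible to click. Give each link a label, such as the post title or "Read more". Minor points in the same hunk: line 40 has `Framework(TUF)` with no space before the parenthesis, lines 4-5 add two consecutive blank lines after the front matter where one is enough, and the blurbs at lines 56 ("got latest version") and 64 ("Newest additions to Fuchsia is") read as ungrammatical; if they are not verbatim quotes from the linked posts, they should be fixed.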