News

Highlights

Here are our news highlights. For a complete list, see the Press section.

June 16, 2021

The Sigstore community live-streamed a key generation and signing ceremony for the Sigstore trust root, which is using The Update Framework (TUF) primitives to provide a PKI model with no single entity in charge of the trust root, and shorter root key lifespan than traditional PKI models.

March 5, 2021

The TUF specification is now published as a rich HTML document with a table of contents, syntax highlighting, cross-linking, and other features.

The new publication machinery also maintains a list of all versions published since the format change.

October 30, 2020

The Python Software Foundation live-streams a key generation and signing ceremony that marks the first practical steps in deploying The Update Framework (TUF) to the Python Package Index.

February 15, 2020

PEP 458, Secure PyPI Downloads with Package Signing, is accepted and merged into the Python Enhancement Proposals (PEP) tree.

December 19, 2019

TUF becomes the first project led by an academic and the first specification-based project to graduate from the Cloud Native Computing Foundation.

August 2019

Uptane becomes joins the Linux Foundation’s Joint Development Foundation, giving a pathway for ISO standardization of future versions of the specification.

July 31, 2019

The IEEE/ISTO standardizes version 1.0.0 of the Uptane specification.

June 3, 2019

Trishank Kuppusamy publishes a blog post announcing the integration of both TUF and a related framework, called in-toto, into Datadog Agent Integrations.

August 16, 2018

NYU Tandon School of Engineering becomes an associate member of the Linux Foundation and a Bronze member of Automotive Grade Linux on the strength of the Foundation’s adoption of Uptane and TUF projects.

July 31, 2018

The Uptane Alliance, a nonprofit entity organized under the umbrella of IEEE’s International Standards and Technology Organization is formed. The Alliance was tasked with overseeing the setting of standards for the implementation/deployment of Uptane, as well as the advancement and improvement of the technology itself.

January 25, 2018

Airbiquity receives a BIG Award for Business in the 2017 New Product of the Year Award category for its Uptane-based OTAmatic over-the-air software and data management solution.

December 7, 2017

Justin Cappos and David Lawrence, senior security engineer at Docker, jointly chaired the TUF/Notary Salon at KubeCon + CloudNativeCon North America. The flagship conference of the Cloud Native Computing Foundation was held in Austin, Texas, December 6-8, 2017.

October 24, 2017

The Linux Foundation announced at Open Source Summit Europe that TUF would become the latest hosted project of the Cloud Native Computing Foundation. TUF and Notary are the first security projects to be adopted by CNCF.

August 10, 2017

Lukas Pühringer presented the talk “Rough Times? TUF Shines” at DebConf17, an “annual conference for Debian contributors, and users interested in improving Debian.”
The conference took place in Montreal, Canada, August 6-12, 2017.

July 3, 2017

Dr. Trishank Karthik Kuppusamy defended his dissertation on TUF and Uptane. Congratulations! Work on these projects will continue as Sebastien, Vlad, Justin, and others move forward!

May 10, 2017

Justin Cappos gave a talk on TUF, Uptane, and in-toto at DockerCon 2017.

October 10, 2016

Lily Guo and Riyaz Faizullabhoy from Docker gave a talk on TUF and Notary at LinuxCon+ContainerCon Europe 2016. Slides of their talk are available here.

September 22, 2016

TUF now welcomes proposals to extend the specification! For more information, please see TUF Augmentation Proposals (TAPs).

August 24, 2016

Riyaz Faizullabhoy from Docker gave a talk on TUF and Notary at LinuxCon North America. Slides of his talk are available here.

March 18, 2016

Trishank Kuppusamy presents “Diplomat: Using Delegations to Protect Community Repositories” at NSDI 2016. Presentation slides and audio of the talk are also available

February 22, 2016

David Lawrence and Ying Li from Docker present at PyCon 2016. The title of their talk is: When the going gets tough, get TUF going

February 19, 2016

The Update Framework acquires a logo to call its own, thanks to Maria Jose Barrera (https://twitter.com/joseemari) who created the logo, and Santiago Torres who found Barrerra.

August 12, 2015

The Docker team announces Docker Content Trust, which integrates TUF via Notary. Docker Content Trust will be available starting with Docker 1.8, and supports image signing and verification. For more information on the Docker + TUF integration, consult this blog post.

Press

• Design2Part Magazine-April 2, 2020: Open Source Framework Helps Automakers Secure OTA Updates

• TechCrunch-March 11, 2020: AWS Launches Bottlerocket, a Linux-based OS for Container Hosting

• New Jersey 101.5-March 9, 2020: People are Pretty Reluctant to Embrace Self Driving Cars, Survey Says

• Python Foundation Blogspot-March 4, 2020: An Update PyPI Funded Work

• S&P Global-January 9, 2020: Wireless Vehicle Updates Pose Big Cybersecurity Risk for Automakers, Consumers

• MP3 Monster’s Blog-January 4, 2020: Security Vulnerabilities in Solution Deployment

• AV Network-December 27, 2019: Cloud Native Computing Foundation Announces TUF Graduation

• HelpNet Security.com-December 23, 2019: The Update Framework Graduates from the Linux Foundation’s Cloud Native Computing Foundation

• Linux Weekly News-December 19, 2019: Cloud Native Computing Foundation Announces TUF Graduation

• DevClass-December 19, 2019: The Update Framework Becomes the Ninth Project to Graduate CNCF

• DevOps-December 18, 2019: CNCF Graduates TUF Project to Secure Software Updates

• Linux Weekly News-July 24, 2019: Protecting update systems from nation-state attackers

• The Drive.com-July 23, 2019: Top OTA Expert Shows How State Actors Hack into your Car and What Happens Next

• Just Auto-May 30, 2019: HERE and Uptane Team on automotive/IoT security

• Traffic Technology Today-May 29,2019: HERE Technologies Joins the Uptane Alliance

• TMCnet.com-May 28, 2019: HERE Technologies Joins the Uptane Alliance

• Airbiquity.com-December 13, 2018: Airbiquity Bolsters OTAmatic™ Security And Data Analytic Features In Latest Over-The-Air (OTA) Software And Data Management Offering For Automotive

• Auto Cybersecurity Connected Car News-August 19, 2018: Uptane Prevents Attacks

• eweek.com-July 13, 2018: How The Update Framework Improves Software Distribution Security

• eSecurity Planet.com-June 13, 2018: Container and Kubernetes Security: It’s Complicated

• Airbiquity.com-January 2018: Airbiquity OTAmatic Named 2017 New Product Of The Year By Business Intelligence Group

• TechCrunch-October 2017: The Cloud Native Computing Foundation Adds Two Security Projects to its Open Source Stable

• Container Journal-October 2017: CNCF Adds 2 Projects to Better Secure Containers

• Enterprise Cloud News-October 2017: Cloud Native Computing Foundation Adopts 2 Security Projects

• The New Stack-October 2017: CNCF Brings Security to the Cloud Native Stack with Notary, TUF Adoption

• Popular Science-October 2017: The Year’s Most Important Innovations in Security

• eWeek-April 2017: How The Update Framework Improves Security of Software Updates

• Python Podcast.init-March 2017: Securing your Software Updates with Justin Cappos-Episode 99, March 2017

• Forbes-January 2017: Uptane Will Protect your Connected Car from Hackers

• Christian Science Monitor-January 2017: Are Software Uodates Key to Stopping Criminal Car Hacks?

• YouTube-October 2016: Justin Cappos presents TUF and ongoing work in securing software updates in automobiles and the software supply chain at Docker’s Distributed Systems Summit 2016

• Duo Tech Talk-July 2016: Secure Software Distribution in an Adversarial World

• The New Stack-August 2015: Docker: With Content Trust, You Can Run Containers on Untrusted Networks

• Notary demoed at the DockerCon 2015 keynote

• LWN.net-January 2015: Docker image “verification”

• PyCon 2015-Poster Presentation

• LWN.net-January 2015: Protecting Python package downloads

• Hacker News-December 2014: Incremental Plans to Improve Python Packaging

• Titanous.com blog-December 2014: Docker Image Insecurity

• The Linux Magazine-March 2014: TUF Love

• Promotional materials on TUF (The Update Framework) w/ Justin Cappos and Trishank Kuppusamy

• Slashdot: Package Managers As Achilles Heel