In recent years that there been multiple cyber-attacks that compromised a software developer’s network to enable the delivery of malware inside of software updates. That’s a situation that Justin Cappos, founder of The Update Framework (TUF) open-source project,…

TAG post by members of TAG security including Marina Moore, Michael Lieberman, John Kjell, James Carnegie, and Luca Bandini Reviewers: Emily Fox, Andrés Vega, Andrew McNamara, Andrew Block, Jon Zeolla, Andrew Martin Introduction Software supply chain policy describes…

Member post by AccuKnox Introduction: In the realm of cybersecurity, ensuring that virtualized or cloud-based infrastructures security is paramount. One crucial aspect is safeguarding applications where most of our crown-jewel sits and are susceptible to dynamic changes. In…

Guest post originally posted on the Infracloud blog by Frederick Fernando Why worry about software supply chain security? In the past few years, we have seen attacks such as NotPetya and Sunburst, which has shifted the industry’s focus to secure their…

The Cloud Native Computing Foundation (CNCF) filled in a missing security component with the inclusion of two new projects under its open source guidance. The CNCF Technical Oversight Committee voted in the security-focused Notary and The Update Framework…

Riyaz Faizullabhoy, Docker Security Engineer, today announced on stage at Open Source Summit Europe, that the Cloud Native Computing Foundation (CNCF) Technical Oversight Committee (TOC) has voted Notary in as our 13th hosted project and TUF in as…

CNCF offered 103 diversity scholarships to developers and students to attend KubeCon + CloudNativeCon North America 2017. In this post, our scholarship recipient Cheryl Fong, student at University of New Hampshire (UNH)majoring in Computer Science, shares her experience…