Got Security? Notary and TUF Join The Family!
A couple of weeks ago at Open Source Summit Europe, Riyaz Faizullabhoy, Security Engineer at Docker, announced on stage that the Technical Oversight Committee has voted Notary and TUF in as our 13th and 14th hosted projects.
Originally created by Docker, Notary is based on The Update Framework (TUF) specification, a secure general design for the problem of software distribution and updates. TUF helps developers to secure new or existing software update systems, which are often found to be vulnerable to many known attacks.
Notary is one of the industry’s most mature implementations of the TUF specification, and its Go implementation is used today to provide robust security for container image updates, even in the face of a registry compromise. Notary/TUF provides both a client and a pair of server applications to host signed metadata and perform limited online signing functions.