In-person + Virtual
October 11-15
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2021 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Pacific Daylight Time (UTC -7). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.
Back To Schedule
Thursday, October 14 • 2:30pm - 3:05pm
Securing Content Repositories with the Update Framework (TUF) - Marina Moore, NYU & Joshua Lock, VMware

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
The Update Framework (TUF) is a framework for secure content delivery and updates that protects against many known attacks on software update systems. In this talk, Joshua Lock and Marina Moore will describe how TUF works, why content delivery systems need the protections offered by TUF, and share some recent developments in TUF and related projects. Following this introductory content, we will deep dive into proposed new features for TUF by reviewing a TUF Augmentation Proposal (TAP). Come to this talk to learn about how many organizations, including Docker, Amazon, and Google secure software updates and how you can get involved.

avatar for Marina Moore

Marina Moore

PhD Candidate, NYU
Marina Moore is a PhD student at NYU Tandon’s Secure Systems Lab focusing on secure software updates and supply chain security. While at NYU she has worked primarily on research and development for The Update Framework (TUF), Uptane, and Notary. She has spoken at KubeCon + CloudNativeCon... Read More →
avatar for Joshua Lock

Joshua Lock

Staff Open Source Engineer, VMware
Joshua is a Staff Open Source Engineer in VMware’s Open Source Program Office where he works on software supply chain security standards and tools. He is a steering committee member and maintainer for the Supply chain Levels for Software Artifacts (SLSA) project, an editor of The... Read More →

Thursday October 14, 2021 2:30pm - 3:05pm PDT
Room 402 AB + Online