Cloud-native project The Update Framework hits top-level CNCF status
An open-source specification that secures software updates has just become the ninth Cloud Native Computing Foundation project to graduate to top-level status.
The CNCF is an organization that’s responsible for overseeing the development of several popular open-source, cloud-native software projects, including Kubernetes, which is used to manage and orchestrate software containers that host modern applications. The Update Framework is the first security-focused project under its umbrella to graduate.
TUF was created about a decade ago as a way to build system resilience against key compromises and other attacks that can spread malware or compromise a repository. It aims to provide a framework for securing new and existing software system updates, including a set of libraries, file formats and utilities, and is flexible enough to meet with the vast majority of existing software update systems.
TUF was first accepted as an incubator project by the CNCF in 2017 and has since become a de facto standard for securing software update systems. It’s commonly used by big technology companies, including Amazon Web Services Inc., Microsoft Corp., Docker Inc., IBM Corp., Red Hat Inc. and VMware Inc.
“We designed TUF so that an organization does not need to be perfect in their operational security,” said Justin Cappos, an associate professor of computer science and engineering at NYU Tandon School of Engineering, who initially created the project. “If a company accidentally makes a signing key public, has a hacker break into their software repository, or if a disgruntled employee goes rogue, the damage they can cause is limited. Defense in depth is key to security, and the security of the software update infrastructure is among the most critical concerns in practice.”
To graduate under the CNCF, open-source projects must meet several criteria, including “thriving adoption, an open governance process, and a strong commitment to community, sustainability and inclusivity,” the CNCF said.
“Enterprises like to see broad adoption of open source and the CNFC model of waiting for broad adoption of projects as a gatekeeper to graduation is a smart strategy to achieve exactly that – wide adoption,” said Holger Mueller, principal analyst and vice president at Constellation Research Inc. “TUF is a key contribution to make software updates more secure, resilient and robust, a key capability given the pressure on enterprises to mover faster that also means a faster update cycle for their next-generation applications.”
Image: The Update Framework
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU