The Cloud Native Computing Foundation, a prominent industry body backed by a who’s who of technology firms, is joining the cybersecurity fray.

The group this morning announced that it has taken charge of two open-source projects designed to help developers better protect their applications against hackers. The projects join a dozen technologies already under the CNCF’s wing, including Kubernetes and several of the other systems that underpin the software container movement. The group maintains these projects with the aim of giving companies the means to build application environments that can better meet their operational demands.

Notary, the first new project, was originally released by container pioneer Docker Inc. back in 2015. The system is designed to protect the integrity of the software components used in application projects.

Development teams typically store operating system images, libraries and other building blocks in a shared environment for easy access. The centralized nature of these repositories makes them a prime target for hackers. Notary enables developers to prevent an attacker from corrupting software components and updates by individually marking each item with a cryptographic certificate that acts as a sort of seal.

The certificate verifies that the software was written by a trusted user, as well as ensuring that it wasn’t corrupted at some point after release. Notary can also timestamp components to indicate when they were published. This mechanism protects against so-called replay attacks designed to fool a system into installing legitimate but outdated software with flaws that can potentially be exploited.

The other project that CNCF has taken under its wing is called The Update Framework. Created by New York University professor Justin Cappos, TUP is the specification on which Notary is based. Developers can use the technology to equip their own software with capabilities for fending off attempts to corrupt code. A group of automakers, for example, has created a version of TUP for securely patching car systems.

As part of its new responsibilities, CNCF will work to support development efforts around the two projects and drive industry interest. The fact that The Update Framework and Notary are now under the foundation’s wing will also give them some extra credence that should in itself help boost adoption.

Image: geralt/Pixabay