UPDATED 12:35 EDT / OCTOBER 24 2017


Cloud Native Computing Foundation adds two open-source security projects

The Cloud Native Computing Foundation, a prominent industry body backed by a who’s who of technology firms, is joining the cybersecurity fray.

The group this morning announced that it has taken charge of two open-source projects designed to help developers better protect their applications against hackers. The projects join a dozen technologies already under the CNCF’s wing, including Kubernetes and several of the other systems that underpin the software container movement. The group maintains these projects with the aim of giving companies the means to build application environments that can better meet their operational demands.

Notary, the first new project, was originally released by container pioneer Docker Inc. back in 2015. The system is designed to protect the integrity of the software components used in application projects.

Development teams typically store operating system images, libraries and other building blocks in a shared environment for easy access. The centralized nature of these repositories makes them a prime target for hackers. Notary enables developers to prevent an attacker from corrupting software components and updates by individually marking each item with a cryptographic certificate that acts as a sort of seal.

The certificate verifies that the software was written by a trusted user, as well as ensuring that it wasn’t corrupted at some point after release. Notary can also timestamp components to indicate when they were published. This mechanism protects against so-called replay attacks designed to fool a system into installing legitimate but outdated software with flaws that can potentially be exploited.
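The checks described above, as an added Go sketch that is not Notary's or The Update Framework's own code: an Ed25519 signature stands in for the seal, and the `Manifest` type, the `Publish` and `Verify` functions, the JSON layout and the sample artifact are all constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"time"
)

// Manifest is a constructed, simplified stand-in for signed metadata.
type Manifest struct {
	SHA256  string    `json:"sha256"`
	Expires time.Time `json:"expires"`
}

// Publish is the signer side: bind digest and expiry together, then sign.
func Publish(priv ed25519.PrivateKey, art []byte, exp time.Time) (raw, sig []byte) {
	sum := sha256.Sum256(art)
	raw, _ = json.Marshal(Manifest{hex.EncodeToString(sum[:]), exp})
	return raw, ed25519.Sign(priv, raw)
}

// Verify is the client side: check signer, then freshness, then content.
func Verify(pub ed25519.PublicKey, raw, sig, art []byte, now time.Time) error {
	if !ed25519.Verify(pub, raw, sig) {
		return fmt.Errorf("bad signature: untrusted signer or altered metadata")
	}
	var m Manifest
	if err := json.Unmarshal(raw, &m); err != nil {
		return err
	}
	if now.After(m.Expires) {
		return fmt.Errorf("metadata expired at %s: possible replay", m.Expires.Format(time.RFC3339))
	}
	if sum := sha256.Sum256(art); hex.EncodeToString(sum[:]) != m.SHA256 {
		return fmt.Errorf("digest mismatch: artifact changed after signing")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	art := []byte("constructed sample artifact")
	raw, sig := Publish(priv, art, time.Now().Add(time.Hour))
	fmt.Println("fresh:", Verify(pub, raw, sig, art, time.Now()))
	fmt.Println("replayed:", Verify(pub, raw, sig, art, time.Now().Add(48*time.Hour)))
}
```

The replayed case carries a valid signature and an intact artifact, so only the expiry check rejects it.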

The other project that CNCF has taken under its wing is called The Update Framework. Created by New York University professor Justin Cappos, TUF is the specification on which Notary is based. Developers can use the technology to equip their own software with capabilities for fending off attempts to corrupt code. A group of automakers, for example, has created a version of TUF for securely patching car systems.

As part of its new responsibilities, CNCF will work to support development efforts around the two projects and drive industry interest. The fact that The Update Framework and Notary are now under the foundation’s wing will also give them some extra credence that should in itself help boost adoption.
