How The Update Framework Improves Software Distribution Security


In recent years, multiple cyber-attacks have compromised a software developer's network in order to enable the delivery of malware inside software updates. That's a situation that Justin Cappos, founder of The Update Framework (TUF) open-source project, has been working hard to help solve. Cappos, an assistant professor at the New York University (NYU) Tandon School of Engineering, started TUF nearly a decade ago. TUF is now implemented by multiple software projects, including the Docker Notary project for secure container application updates, and has implementations that are being purpose-built to help secure automotive software as well.