diff --git a/config.toml b/config.toml index 84955e2..09b3d4c 100644 --- a/config.toml +++ b/config.toml @@ -160,12 +160,17 @@ parent = "community" url = "https://cloud-native.slack.com/archives/C8NMD3QJ3" weight = 6 +[[menu.main]] +name = "Blogs" +url = "/blogs/" +weight = 4 + [[menu.main]] name = "News" url = "/news/" -weight = 4 +weight = 5 [[menu.main]] name = "Contact" url = "/contact/" -weight = 5 +weight = 6 diff --git a/content/blogs.md b/content/blogs.md new file mode 100644 index 0000000..b850c0e --- /dev/null +++ b/content/blogs.md @@ -0,0 +1,151 @@ +--- +title: Blogs +--- + +> ## How we securely autoupdate Osquery at Kolide +> +> *Published on: May 3, 2024* +> +> How We Securely Autoupdate Osquery at Kolide using The Update Framework(TUF). +> +> [![ Read more ](https://img.shields.io/badge/Read_more-blue?style=for-the-badge&logoWidth=40)](https://blog.kolide.com/how-we-securely-autoupdate-osquery-at-kolide-b0eda6ad05f6) + +--- + +> ## Security audit of go-tuf The Update Framework +> +> *Published on: August 30, 2023* +> +> In this post, we’ll share the results of a recent security assessment of the Go implementation of TUF. go-tuf is one of the most widely adopted TUF implementations used by many projects, including sigstore +> +> [![ Read more ](https://img.shields.io/badge/Read_more-blue?style=for-the-badge&logoWidth=40)](https://blogs.vmware.com/opensource/2023/08/30/security-audit-of-go-tuf-the-update-framework/) + +--- + +> ## Safety for All with Repository Service for TUF +> +> *Published on: June 6, 2023* +> +> Repository Service for TUF is part of VMware’s broader investment to help improve security across the industry’s software supply chain. +> +> [![ Read more ](https://img.shields.io/badge/Read_more-blue?style=for-the-badge&logoWidth=40)](https://blogs.vmware.com/opensource/2023/06/06/safety-for-all-with-repository-service-for-tuf-2/) + +--- + +> ## Using The Update Framework in Sigstore +> +> *Published on: August 11, 2021* +> +> We use TUF in the Sigstore project to protect our own keys and infrastructure, but we’re also hoping to make it possible for end users to use TUF on their own, using the Sigstore tools. I call this the TUF sandwich! +> +> [![ Read more ](https://img.shields.io/badge/Read_more-blue?style=for-the-badge&logoWidth=40)](https://dlorenc.medium.com/using-the-update-framework-in-sigstore-dc393cfe6b52) + +--- + +> ## Enhancing Software Update Security With TUF (The Update Framework) +> +> *Published on: September 10, 2020* +> +> The Update Framework (TUF) is a flexible, open source framework and specification that developers can adopt into any software update system. +> +> [![ Read more ](https://img.shields.io/badge/Read_more-blue?style=for-the-badge&logoWidth=40)](https://blogs.vmware.com/opensource/2020/09/10/tuf-enhancing-software-update-security/) + +--- + +> ## Secure Software Updates via TUF — Part 2 +> +> *Published on: September 1, 2020* +> +> TUF secures the software update delivery system using mechanisms such as roles, their signatures (PKI), threshold number of signatures, file hashes, and file size. +> +> [![ Read more ](https://img.shields.io/badge/Read_more-blue?style=for-the-badge&logoWidth=40)](https://medium.com/@mulgundmath/secure-software-updates-via-tuf-part-2-412c6a2b10ab) + +--- + +> ## Secure Software Updates via TUF — Part 1 +> +> *Published on: August 18, 2020* +> +> Software is all around us and we see them getting regularly updated. How secure are these updates? What are the reasons for securing them? How do they (secure updates) work under the hood? +> +> [![ Read more ](https://img.shields.io/badge/Read_more-blue?style=for-the-badge&logoWidth=40)](https://medium.com/@mulgundmath/secure-software-updates-via-tuf-part-1-f9bbb34bcbbc) + +--- + +> ## How TUF can secure software systems from update vulnerabilities +> +> *Published on: August 1, 2020* +> +> Over the past couple years, The Update Framework (TUF) has grown into a de facto standard to secure software system updates for many kinds of applications. +> +> [![ Read more ](https://img.shields.io/badge/Read_more-blue?style=for-the-badge&logoWidth=40)](https://www.theserverside.com/blog/Coffee-Talk-Java-News-Stories-and-Opinions/How-TUF-can-secure-software-systems-from-update-vulnerabilities) + +--- + +> ## CNCF Graduates TUF Project to Secure Software Updates +> +> *Published on: December 18, 2019* +> +> The Update Framework (TUF) is made up of a set of libraries, file formats and utilities that can authenticate files and images before they are downloaded from a software repository. +> +> [![ Read more ](https://img.shields.io/badge/Read_more-blue?style=for-the-badge&logoWidth=40)](https://devops.com/cncf-graduates-tuf-project-to-secure-software-updates/) + +--- + +> ## Fuchsia Friday: Amber keeps Fuchsia up to date and secure +> +> *Published on: March 9, 2018* +> +> Newest additions to Fuchsia is The Update Framework “with the ambition of updating all components running on a Fuchsia system” including basic things like apps all the way down to the Zircon kernel and the bootloader. +> +> [![ Read more ](https://img.shields.io/badge/Read_more-blue?style=for-the-badge&logoWidth=40)](https://9to5google.com/2018/03/09/fuchsia-friday-amber-keeps-fuchsia-up-to-date-and-secure/) + +--- + +> ## How The Update Framework Improves Security of Software Updates +> +> *Published on: April 24, 2017* +> +> How can software be updated securely? That’s the challenge that The Update Framework (TUF) aims to solve. +> +> [![ Read more ](https://img.shields.io/badge/Read_more-blue?style=for-the-badge&logoWidth=40)](https://www.eweek.com/security/how-the-update-framework-improves-security-of-software-updates/) + +--- + +> ## Exploring Docker Security – Part 3: Docker Content Trust +> +> *Published on: September 13, 2016* +> +> Obtaining Docker images from private or public Docker Registries is affected by the same issues as every software update system: It must be ensured that a client can always verify the publisher of the content and got latest version of the image. +> +> [![ Read more ](https://img.shields.io/badge/Read_more-blue?style=for-the-badge&logoWidth=40)](https://blog.mi.hdm-stuttgart.de/index.php/2016/09/13/exploring-docker-security-part-3-docker-content-trust/) + +--- + +> ## Securing RubyGems with TUF, Part 3 +> +> *Published on: December 10, 2013* +> +> How The Update Framework (TUF) enables developers to securely sign for their code, protecting clients from installing maliciously modified gems. +> +> [![ Read more ](https://img.shields.io/badge/Read_more-blue?style=for-the-badge&logoWidth=40)](https://developer.squareup.com/blog/securing-rubygems-with-tuf-part-3/) + +--- + +> ## Securing RubyGems with TUF, Part 2 +> +> *Published on: December 9, 2013* +> +> How The Update Framework (TUF) protects clients from installing maliciously modified gems. In this post, we extend that system to allow developers to update their own gems. +> +> [![ Read more ](https://img.shields.io/badge/Read_more-blue?style=for-the-badge&logoWidth=40)](https://developer.squareup.com/blog/securing-rubygems-with-tuf-part-2/) + +--- + +> ## Securing RubyGems with TUF, Part 1 +> +> *Published on: December 6, 2013* +> +> In this series of blog posts, I aim to explain the fundamental concepts of TUF and how they apply to RubyGems. +> +> [![ Read more ](https://img.shields.io/badge/Read_more-blue?style=for-the-badge&logoWidth=40)](https://developer.squareup.com/blog/securing-rubygems-with-tuf-part-1/)