CNCF Brings In Notary, The Update Framework to Boost Container Security

The Cloud Native Computing Foundation adds a pair of open-source security efforts to its project roster, providing cryptographically verifiable software integrity.

The Cloud Native Computing Foundation on Oct. 24 announced that it is expanding its project roster with the addition of the Notary container trust project and The Update Framework security effort. Notary relies on TUF, which is a software development and update model that was described in detail by co-creator Justin Cappos, an assistant professor at New York University [Tandon School of Engineering], at the DockerCon 17 conference in April. “If you have the green HTTPS padlock in your browser, it tells you the browser has a secure connection to a server," Cappos said. 


(see more)