How The Update Framework Improves Security of Software Updates

Simply using HTTPS to make sure a software update is secure isn't enough to fully validate that a given update hasn't been tampered with. That's where The Update Framework can help.


Updating software is one of the most important ways to keep users and organizations secure. But how can software be updated securely? That's the challenge that The Update Framework (TUF) aims to solve.

Justin Cappos, assistant professor at New York University, detailed how TUF works and what's coming to further improve the secure updating approach in a session at last week's DockerCon 17 conference in Austin, Texas. Simply using HTTPS and Transport Layer Security (TLS) to secure a download isn't enough as there have been many publicly reported instances of software repositories that have been tampered with, Cappos said.

(See more...)