Attending this event?
Seattle, WA
December 10–13, 2018
Click Here for More Information & Registration
View Venue Map
View analytic
Tuesday, December 11 • 1:45pm - 2:20pm
Intro: TUF/Notary - Justin Cappos, NYU & Justin Cormack, Docker

Sign up or log in to save this to your schedule and see who's attending!

Log in to leave feedback.
Software distribution and packaging systems are rapidly becoming the weak link in the software lifecycle. This talk provides an accessible overview of two CNCF projects (Notary and TUF), that provide what has been roundly described as the most secure mechanism for distributing software. Notary, which implements the TUF specification, signs and transparently validates metadata to enable the system to recover from the compromise of servers, theft of keys, insider attacks, etc. Notary / TUF are surprisingly easy to use and used to provide cutting edge security not only across major cloud companies, but a diverse set of adopters, including automobiles. WARNING: Attending this talk may cause (justifiable) fear in the software update mechanism on your devices!

avatar for Justin Cappos

Justin Cappos

Professor, NYU
Justin Cappos is a professor in the Computer Science and Engineering department at New York University. His research includes the TUF project (which is hosted by the Linux Foundation / CNCF), which provides a compromise-resilient mechanism for the secure distribution of software... Read More →
avatar for Justin Cormack

Justin Cormack

Security Engineer, Docker
Justin Cormack is a security engineer at Docker. He has worked on runc, container isolation policies, virtualisation and container security, and knows his way around the Linux kernel and the container stack.

Tuesday December 11, 2018 1:45pm - 2:20pm
3 A/B
  • Skill Level Any