About
Overview History Timeline Project Publications Code of conduct
Getting started
Security Roles and metadata Frequently asked questions Specification (latest) Specification index Reference implementation Videos
Community
Adoptions Reporting issues Security audits Enhancement proposals Contribute Chat (CNCF Slack)
News Contact

Security audits

Note: This list only contains publicly available audits.

  • September 9, 2022 by X41

  • August 7, 2018 by Cure53 covering TUF and Notary

  • October 18, 2017 by NCC security assessment of TUF / Kolide.

  • July 31, 2015 by NCC covering TUF and Notary.

© 2022 The Update Framework authors | Documentation Distributed under CC-BY-4.0

© 2022 The Linux Foundation. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page.


The TUF project is managed by the Linux Foundation under the Cloud Native Computing Foundation. The consensus builder for TUF is Prof. Justin Cappos of the Secure Systems Lab at New York University. Project maintainers[1][2] are comprised of collaborators from academia and the industry. Contributors and maintainers are governed by the CNCF Community Code of Conduct.

This material is based upon work supported by the National Science Foundation under Grant Nos. CNS-1345049 and CNS-0959138. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.