The Cloud Native Computing Foundation has heaved The Update Framework into the ranks of graduate projects, making it the first university-bred project to reach this level.
It is also both the first security-related project and the first specification to get through the process, which is meant to align projects with the foundation’s policies and make sure they follow some best practices.
Work on TUF started in 2009 at the University of Washington. According to the graduation announcement, the goal of creators Justin Samuel and Justin Cappos was an easy integratable, flexible framework for securing software update systems. Core design principles that are still relevant to the project include the separation of responsibilities for signing metadata, a “fixed number of signatures agreeing to the authenticity” of an update’s meta information before downloading, as well as a way to automatically revoke signing keys.
Cappos said in a canned statement, that they designed “TUF so that an organization does not need to be perfect in their operational security. If a company accidentally makes a signing key public, has a hacker breaks into their software repository, or if a disgruntled employee goes rogue, the damage they can cause is limited.”
Which could be one of the reasons why the project found supporters in companies such as Amazon, Microsoft, Google, Docker, IBM, and Red Hat since entering the CNCF incubator in 2017. Moreover, a TUF-variant called Uptane can be found in some over-the-air update systems in the automotive industry.
The Cloud Native Foundation is part of the Linux Foundation and champions software projects such as container orchestrator Kubernetes, monitoring tool Prometheus, or the Envoy proxy. The last project to graduate its process was database system Vitess in November 2019.