& cplSiteName &

Cloud Native Computing Foundation Adopts 2 Security Projects

Scott Ferguson
10/24/2017
50%
50%

The Cloud Native Computing Foundation (CNCF) is planning on adopting two closely related open source security projects that aim to add an extra layer of protection to containers and the application that run inside them.

CNCF is best known for hosting and promoting the Kubernetes container management and orchestration platform, which Google developed. The organization is overseen by the Linux Foundation. (See What If Kubernetes Is One Big Google Conspiracy?)

However, in addition to Kubernetes, CNCF is known for hosting other projects as well. On October 24, the organization is pressing ahead by adopting two closely related open source security projects centered around containers.

Secure containers
(Source: StockSnap via Pixabay)
Secure containers
(Source: StockSnap via Pixabay)

These two security projects include Notary, which was developed in-house by Docker and The Update Framework (TUF), which was created by New York University professor Justin Cappos and his team at the school's Tandon School of Engineering. These are the 13th and 14th projects hosted by CNCF.

The two are related since Notary is based on TUF.

Docker engineers first developed Notary in 2015 as a way to provide security for container image updates. Specifically, Notary provides a layer of trust between a client and a server since it helps create, manage and distribute the metadata and ensure the integrity of the content that is being created.

As Docker senior engineer David Lawrence noted in a statement on Tuesday:

In a developer's workflow, security can often be an afterthought; however, every piece of deployed code from the OS to the application should be signed. Notary establishes strong trust guarantees to prevent malicious content from being injected into the workflow processes. Notary is a widely used implementation in the container space. By joining CNCF, we hope Notary will be more widely adopted and different use cases will emerge.

The other project, TUF, dates back to 2009 when Cappos first began developing the software.


Keep up with the latest enterprise cloud news and insights. Sign up for the weekly Enterprise Cloud News newsletter.


TUF is part of a bigger software distribution framework and provides a layer of resilience in the case of a server being attacked and compromised. Here, the software uses cryptographic keys so that engineers can sign and verify what they are looking at. If a server is attacked, TUF ensures that the whole project won't be affected since each piece has to be verified during the development process.

Taken together, these two projects can help in issues such as creating DevOps environments with multiple developers working on different parts of an application. As applications move from container to container and cloud to cloud, adding this type of trust and security into the process could ensure the integrity of the final application.

In addition to containers, TUF is finding a home in other fields looking to create a more secure environments for development such as the auto industry, according to the CNCF announcement.

The CNCF made these two announcements at the Open Source Summit Europe conference in Prague.

Related posts:

— Scott Ferguson, Editor, Enterprise Cloud News. Follow him on Twitter @sferguson_LR.

(2)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
Educational Resources
sponsor supplied content
Educational Resources Archive
More Blogs from Scott Ferguson
From its roots in industrial farm machinery and other equipment, John Deere has always looked for a technological edge. About 20 years ago, it was GPS and then 4G LTE. Now it's turning its attention to AI, machine learning and IoT.
Artificial intelligence and automation will become more integral to the enterprise, and 90% of all apps will have integrated AI capabilities by 2020, according to Oracle CEO Mark Hurd.
IBM is now offering access to Nvidia's Tesla V100 GPUs through its cloud offerings to help accelerate AI, HPC and other high-throughput workloads.
CIO Rhonda Gass is spearheading an effort to bring more automation and IoT to the factories making Stanley Black & Decker tools and other equipment.
Workday is looking to build out its machine learning and artificial intelligence capabilities with the acquisition of startup SkipFlag.
Featured Video
From The Founder
John Chambers is still as passionate about business and innovation as he ever was at Cisco, finds Steve Saunders.
Flash Poll
Upcoming Live Events
September 12, 2018, Los Angeles, CA
September 24-26, 2018, Westin Westminster, Denver
October 9, 2018, The Westin Times Square, New York
October 23, 2018, Georgia World Congress Centre, Atlanta, GA
November 6, 2018, London, United Kingdom
November 7-8, 2018, London, United Kingdom
November 8, 2018, The Montcalm by Marble Arch, London
November 15, 2018, The Westin Times Square, New York
December 4-6, 2018, Lisbon, Portugal
All Upcoming Live Events
Hot Topics
T-Mobile to Play the Customer Care Card With Layer3 TV
Jeff Baumgartner, Senior Editor, Light Reading, 8/15/2018
Windstream Claims US SD-WAN Leadership
Carol Wilson, Editor-at-large, 8/9/2018
Roku's Free Streams Go Outside the Box
Jeff Baumgartner, Senior Editor, Light Reading, 8/9/2018
Layoffs at Ericsson's iconectiv
Ray Le Maistre, Editor-in-Chief, 8/10/2018
Should Orange Buy Vivendi?
Iain Morris, News Editor, 8/14/2018
Animals with Phones
When Your Cat Hijacks Your Tech Click Here
Live Digital Audio

A CSP's digital transformation involves so much more than technology. Crucial – and often most challenging – is the cultural transformation that goes along with it. As Sigma's Chief Technology Officer, Catherine Michel has extensive experience with technology as she leads the company's entire product portfolio and strategy. But she's also no stranger to merging technology and culture, having taken a company — Tribold — from inception to acquisition (by Sigma in 2013), and she continues to advise service providers on how to drive their own transformations. This impressive female leader and vocal advocate for other women in the industry will join Women in Comms for a live radio show to discuss all things digital transformation, including the cultural transformation that goes along with it.

Like Us on Facebook
Twitter Feed