UPDATED 12:35 EDT / OCTOBER 24 2017

Cloud Native Computing Foundation adds two open-source security projects

The Cloud Native Computing Foundation, a prominent industry body backed by a who’s who of technology firms, is joining the cybersecurity fray.

The group this morning announced that it has taken charge of two open-source projects designed to help developers better protect their applications against hackers. The projects join a dozen technologies already under the CNCF’s wing, including Kubernetes and several of the other systems that underpin the software container movement. The group maintains these projects with the aim of giving companies the means to build application environments that can better meet their operational demands.

Notary, the first new project, was originally released by container pioneer Docker Inc. back in 2015. The system is designed to protect the integrity of the software components used in application projects.

Development teams typically store operating system images, libraries and other building blocks in a shared environment for easy access. The centralized nature of these repositories makes them a prime target for hackers. Notary enables developers to prevent an attacker from corrupting software components and updates by individually marking each item with a cryptographic certificate that acts as a sort of seal.

The certificate verifies that the software was written by a trusted user, as well as ensuring that it wasn’t corrupted at some point after release. Notary can also timestamp components to indicate when they were published. This mechanism protects against so-called replay attacks designed to fool a system into installing legitimate but outdated software with flaws that can potentially be exploited.

The other project that CNCF has taken under its wing is called The Update Framework. Created by New York University professor Justin Cappos, TUF is the specification on which Notary is based. Developers can use the technology to equip their own software with capabilities for fending off attempts to corrupt code. A group of automakers, for example, has created a version of TUF for securely patching car systems.

As part of its new responsibilities, CNCF will work to support development efforts around the two projects and drive industry interest. The fact that The Update Framework and Notary are now under the foundation’s wing will also give them some extra credence that should in itself help boost adoption.
