The Update Framework (TUF) has become the first specification and first security-focused project to graduate from the Linux Foundation’s Cloud Native Computing Foundation (CNCF).
TUF is the ninth project to graduate, following Kubernetes, Prometheus, Envoy, CoreDNS, containerd, Fluentd, Jaeger, and Vitess. For projects to move from the maturity level of incubation to graduation, they must demonstrate thriving adoption, an open governance process, and a strong commitment to community, sustainability, and inclusivity.
The project was initially developed by Justin Cappos, associate professor of computer science and engineering at NYU Tandon School of Engineering, in 2009. Cappos is also the first academic researcher to lead a graduated project and TUF is the first project born out of a university to graduate.
TUF has become an industry de facto standard for securing software update systems.
TUF was accepted as a CNCF project in 2017. That same year, Cappos, along with a team of researchers from the University of Michigan Transportation Research Institute and Southwest Research Institute, developed Uptane, the automotive application of TUF.