Set up Resources section

README.md

@@ -1,11 +1,11 @@
 # The TUF website
 
-[![Netlify Status](https://api.netlify.com/api/v1/badges/5c5979e1-541a-442a-aa4f-50abbd6c0b49/deploy-status)](https://app.netlify.com/sites/tuf-homepage/deploys)
+[![Netlify Status](https://api.netlify.com/api/v1/badges/91c8d69b-9b02-4c3a-ba58-100d65699e38/deploy-status)](https://app.netlify.com/sites/tufresources/deploys)
 
 Website repository for The Update Framework (TUF), build with [Hugo][] using the
 [Docsy][] theme, hosted on [Netlify][].
 
-Preview for the development version: https://tuf-homepage.netlify.app/
+Preview for the development version: https://tufresources.netlify.app/
 
 [Docsy]: https://docsy.dev
 [Hugo]: https://gohugo.io

content/en/resources/_index.md

@@ -1,7 +1,10 @@
 ---
 title: Resources
 menu: { main: { weight: 50 } }
-description: Learn more from our resources
+description:
 cascade:
   type: docs
 ---
+
+Find curated selections of videos, press coverage, and publications designed to
+inform and inspire you.

content/en/resources/news.md

@@ -0,0 +1,171 @@
+---
+title: News
+description: A listing of TUF news coverage.
+---
+
+>
+
+**June 16, 2021**
+
+The Sigstore community live-streamed a
+[key generation and signing ceremony ](https://www.cncf.io/blog/2021/06/16/a-new-kind-of-trust-root/)
+for the Sigstore trust root, which is using The Update Framework (TUF)
+primitives to provide a PKI model with no single entity in charge of the trust
+root, and shorter root key lifespan than traditional PKI models.
+
+**March 5, 2021**
+
+The
+[TUF specification](https://theupdateframework.github.io/specification/latest/index.html)
+is now published as a rich HTML document with a table of contents, syntax
+highlighting, cross-linking, and other features.
+
+The new publication machinery also maintains a
+[list of all versions ](https://theupdateframework.github.io/specification/)
+published since the format change.
+
+**October 30, 2020**
+
+The Python Software Foundation live-streams a
+[key generation and signing ceremony](https://www.youtube.com/watch?v=jjAq7S49eow&t=3078s)
+that marks the first practical steps in deploying The Update Framework (TUF) to
+the Python Package Index.
+
+**February 15, 2020**
+
+[PEP 458](https://www.python.org/dev/peps/pep-0458/), Secure PyPI Downloads with
+Package Signing, is accepted and merged into the Python Enhancement Proposals
+(PEP) tree.
+
+**December 19, 2019**
+
+TUF becomes the
+[first project](https://engineering.nyu.edu/news/open-source-system-secure-software-updates-graduates-protect-leading-cloud-services)
+led by an academic and the first specification-based project to graduate from
+the [Cloud Native Computing Foundation](https://www.cncf.io/).
+
+**August 2019**
+
+Uptane becomes joins the
+[Linux Foundation's Joint Development Foundation](https://www.jointdevelopment.org/),
+giving a pathway for ISO standardization of future versions of the
+specification.
+
+**July 31, 2019**
+
+The IEEE/ISTO standardizes
+[version 1.0.0 of the Uptane specification](https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html).
+
+**June 3, 2019**
+
+Trishank Kuppusamy publishes a
+[blog post](https://www.datadoghq.com/blog/engineering/secure-publication-of-datadog-agent-integrations-with-tuf-and-in-toto/)
+announcing the integration of both TUF and a related framework, called
+[in-toto](https://in-toto.io/), into
+[Datadog Agent Integrations](https://docs.datadoghq.com/getting_started/integrations/).
+
+**August 16, 2018**
+
+[NYU Tandon School of Engineering](https://engineering.nyu.edu/) becomes an
+associate member of the [Linux Foundation](https://www.linuxfoundation.org/) and
+a Bronze member of [Automotive Grade Linux](https://www.automotivelinux.org/) on
+the strength of the Foundation’s adoption of Uptane and TUF projects.
+
+**July 31, 2018**
+
+The Uptane Alliance, a nonprofit entity organized under the umbrella of IEEE's
+[International Standards and Technology Organization](https://ieee-isto.org/) is
+formed. The Alliance was tasked with overseeing the setting of standards for the
+implementation/deployment of Uptane, as well as the advancement and improvement
+of the technology itself.
+
+**January 25, 2018**
+
+[Airbiquity](https://www.airbiquity.com) receives a
+[BIG Award for Business](https://www.airbiquity.com/news/press-releases/airbiquity-otamatic-named-2017-new-product-year-business-intelligence-group)
+in the 2017 New Product of the Year Award category for its Uptane-based OTAmatic
+over-the-air software and data management solution.
+
+**December 7, 2017**
+
+Justin Cappos and David Lawrence, senior security engineer at Docker, jointly
+chaired the TUF/Notary Salon at
+[KubeCon + CloudNativeCon North America](https://events17.linuxfoundation.org/events/kubecon-and-cloudnativecon-north-america/program/schedule).
+The flagship conference of the Cloud Native Computing Foundation was held in
+Austin, Texas, December 6-8, 2017.
+
+**October 24, 2017**
+
+[The Linux Foundation](https://www.linuxfoundation.org/) announced at Open
+Source Summit Europe that TUF would become the
+[latest hosted project](https://www.linuxfoundation.org/cloud-containers-virtualization/cncf-host-two-security-projects-notary-tuf-specification/)
+of the Cloud Native Computing Foundation. TUF and Notary are the first security
+projects to be adopted by CNCF.
+
+**August 10, 2017**
+
+Lukas Pühringer presented the talk "Rough Times? TUF Shines" at
+[DebConf17](https://debconf17.debconf.org/talks/153/), an "annual conference for
+Debian contributors, and users interested in improving Debian."  
+The conference took place in Montreal, Canada, August 6-12, 2017.
+
+**July 3, 2017**
+
+Dr. Trishank Karthik Kuppusamy defended his dissertation on TUF and
+[Uptane](https://uptane.github.io). Congratulations! Work on these projects will
+continue as Sebastien, Vlad, Justin, and others move forward!
+
+**May 10, 2017**
+
+Justin Cappos gave a
+[talk](https://ssl.engineering.nyu.edu/blog/2017-04-24-DockerCon) on TUF,
+[Uptane](https://uptane.github.io), and [in-toto](https://in-toto.io/) at
+DockerCon 2017.
+
+**October 10, 2016**
+
+Lily Guo and Riyaz Faizullabhoy from Docker gave a
+[talk](https://linuxconcontainerconeurope2016.sched.org/event/7oI1/software-update-security-when-the-going-gets-tough-get-tuf-going-riyaz-faizullabhoy-lily-guo-docker?iframe=no&w=i:100;&sidebar=yes&bg=no)
+on TUF and Notary at LinuxCon+ContainerCon Europe 2016. Slides of their talk are
+available
+[here](https://schd.ws/hosted_files/linuxconcontainerconeurope2016/50/When%20the%20going%20gets%20tough%2C%20get%20TUF%20going%21%20Linuxcon%20EU.pdf).
+
+**September 22, 2016**
+
+TUF now welcomes proposals to extend the specification! For more information,
+please see
+[TUF Augmentation Proposals (TAPs)](https://github.com/theupdateframework/taps).
+
+**August 24, 2016**
+
+Riyaz Faizullabhoy from Docker gave a
+[talk](https://lcccna2016.sched.org/event/7JWU/when-the-going-gets-tough-get-tuf-going-riyaz-faizullabhoy-docker)
+on TUF and Notary at LinuxCon North America. Slides of his talk are available
+[here](https://events.linuxfoundation.org/events/linuxcon-north-america/program/slides).
+
+**March 18, 2016**
+
+Trishank Kuppusamy presents "Diplomat: Using Delegations to Protect Community
+Repositories" at [NSDI 2016](https://www.usenix.org/conference/nsdi16).
+Presentation [slides and audio](https://www.usenix.org/node/194973) of the talk
+are also available
+
+**February 22, 2016**
+
+David Lawrence and Ying Li from Docker present at PyCon 2016. The title of their
+talk is:
+[When the going gets tough, get TUF going](https://us.pycon.org/2016/schedule/presentation/2187/)
+
+**February 19, 2016**
+
+The Update Framework acquires a logo to call its own, thanks to Maria Jose
+Barrera (https://twitter.com/joseemari) who created the logo, and Santiago
+Torres who found Barrerra.
+
+**August 12, 2015**
+
+The Docker team announces Docker Content Trust, which integrates TUF via
+[Notary](https://github.com/docker/notary). Docker Content Trust will be
+available starting with Docker 1.8, and supports image signing and verification.
+For more information on the Docker + TUF integration, consult
+[this blog post](https://blog.docker.com/2015/08/content-trust-docker-1-8).

content/en/resources/publications.md

@@ -0,0 +1,18 @@
+---
+title: Publications
+description: Publications and Press coverage
+---
+
+The following papers provide detailed information on securing software updater
+systems, TUF's design, attacks on package managers, and package management
+security:
+
+- [Mercury: Bandwidth-Effective Prevention of Rollback Attacks Against Community Repositories](https://theupdateframework.io/papers/prevention-rollback-attacks-atc2017.pdf?raw=true)
+
+- [Diplomat: Using Delegations to Protect Community Repositories](https://theupdateframework.io/papers/protect-community-repositories-nsdi2016.pdf?raw=true)
+
+- [Survivable Key Compromise in Software Update Systems](https://theupdateframework.io/papers/survivable-key-compromise-ccs2010.pdf?raw=true)
+
+- [A Look In the Mirror: Attacks on Package Managers](https://theupdateframework.io/papers/attacks-on-package-managers-ccs2008.pdf?raw=true)
+
+- [Package Management Security](https://theupdateframework.io/papers/package-management-security-tr08-02.pdf?raw=true)

content/en/resources/videos.md

@@ -0,0 +1,29 @@
+---
+title: Videos
+description:
+  Sample videos of presentations given by project members and adopters.
+---
+
+## TUF-en Up Your Signatures
+
+{{< youtube "8sUqo36IVio" >}}
+
+## Defending against attacks on package managers
+
+{{< youtube "Y9Yxst_-Cvg" >}}
+
+## Securing Content Repositories with The Update Framework (TUF)
+
+{{< youtube "Xuk3BcluYxw">}}
+
+## Talking TUF: Securing Software Distribution
+
+{{< youtube "Aryr0O6H_2U" >}}
+
+## Securing the Software Supply Chain with TUF and Docker
+
+{{< youtube "SNge7-t4JRE" >}}
+
+## Atlassian Dev Den Tech Talk Series: Securing Rubygems with TUF
+
+{{< youtube "J0GkcToeDiM" >}}