Set up Resources section

README.md

@@ -1,12 +1,8 @@
 # The TUF website
 
-[![Netlify Status](https://api.netlify.com/api/v1/badges/0739ac5a-a6a8-4012-aafb-97231bcca801/deploy-status)](https://app.netlify.com/sites/tufio/deploys)
-
 Website repository for The Update Framework (TUF), build with [Hugo][] using the
 [Docsy][] theme, hosted on [Netlify][].
 
-Preview for the development version: https://tufio.netlify.app/
-
 [Docsy]: https://docsy.dev
 [Hugo]: https://gohugo.io
 [Netlify]: https://netlify.com

content/en/community/_index.md

@@ -6,4 +6,3 @@ menu: { main: { weight: 40 } }
 contributingUrl: https://github.com/cncf/foundation/blob/main/code-of-conduct.md
 # Content below, if any, will be added to the community page.
 ---
-

content/en/resources/_index.md

@@ -1,7 +1,9 @@
 ---
 title: Resources
 menu: { main: { weight: 50 } }
-description: Learn more from our resources
 cascade:
   type: docs
 ---
+
+Find curated selections of videos, press coverage, and publications designed to
+inform and inspire you.

content/en/resources/news.md

@@ -0,0 +1,170 @@
+---
+title: News
+description:
+  The [press](resources/press) page contains a full listing of news coverage
+---
+
+**June 16, 2021**
+
+The Sigstore community live-streamed a
+[key generation and signing ceremony ](https://www.cncf.io/blog/2021/06/16/a-new-kind-of-trust-root/)
+for the Sigstore trust root, which is using The Update Framework (TUF)
+primitives to provide a PKI model with no single entity in charge of the trust
+root, and shorter root key lifespan than traditional PKI models.
+
+**March 5, 2021**
+
+The
+[TUF specification](https://theupdateframework.github.io/specification/latest/index.html)
+is now published as a rich HTML document with a table of contents, syntax
+highlighting, cross-linking, and other features.
+
+The new publication machinery also maintains a
+[list of all versions ](https://theupdateframework.github.io/specification/)
+published since the format change.
+
+**October 30, 2020**
+
+The Python Software Foundation live-streams a
+[key generation and signing ceremony](https://www.youtube.com/watch?v=jjAq7S49eow&t=3078s)
+that marks the first practical steps in deploying The Update Framework (TUF) to
+the Python Package Index.
+
+**February 15, 2020**
+
+[PEP 458](https://www.python.org/dev/peps/pep-0458/), Secure PyPI Downloads with
+Package Signing, is accepted and merged into the Python Enhancement Proposals
+(PEP) tree.
+
+**December 19, 2019**
+
+TUF becomes the
+[first project](https://engineering.nyu.edu/news/open-source-system-secure-software-updates-graduates-protect-leading-cloud-services)
+led by an academic and the first specification-based project to graduate from
+the [Cloud Native Computing Foundation](https://www.cncf.io/).
+
+**August 2019**
+
+Uptane becomes joins the
+[Linux Foundation's Joint Development Foundation](https://www.jointdevelopment.org/),
+giving a pathway for ISO standardization of future versions of the
+specification.
+
+**July 31, 2019**
+
+The IEEE/ISTO standardizes
+[version 1.0.0 of the Uptane specification](https://uptane.github.io/papers/ieee-isto-6100.1.0.0.uptane-standard.html).
+
+**June 3, 2019**
+
+Trishank Kuppusamy publishes a
+[blog post](https://www.datadoghq.com/blog/engineering/secure-publication-of-datadog-agent-integrations-with-tuf-and-in-toto/)
+announcing the integration of both TUF and a related framework, called
+[in-toto](https://in-toto.io/), into
+[Datadog Agent Integrations](https://docs.datadoghq.com/getting_started/integrations/).
+
+**August 16, 2018**
+
+[NYU Tandon School of Engineering](https://engineering.nyu.edu/) becomes an
+associate member of the [Linux Foundation](https://www.linuxfoundation.org/) and
+a Bronze member of [Automotive Grade Linux](https://www.automotivelinux.org/) on
+the strength of the Foundation’s adoption of Uptane and TUF projects.
+
+**July 31, 2018**
+
+The Uptane Alliance, a nonprofit entity organized under the umbrella of IEEE's
+[International Standards and Technology Organization](https://ieee-isto.org/) is
+formed. The Alliance was tasked with overseeing the setting of standards for the
+implementation/deployment of Uptane, as well as the advancement and improvement
+of the technology itself.
+
+**January 25, 2018**
+
+[Airbiquity](https://www.airbiquity.com) receives a
+[BIG Award for Business](https://www.airbiquity.com/news/press-releases/airbiquity-otamatic-named-2017-new-product-year-business-intelligence-group)
+in the 2017 New Product of the Year Award category for its Uptane-based OTAmatic
+over-the-air software and data management solution.
+
+**December 7, 2017**
+
+Justin Cappos and David Lawrence, senior security engineer at Docker, jointly
+chaired the TUF/Notary Salon at
+[KubeCon + CloudNativeCon North America](https://events17.linuxfoundation.org/events/kubecon-and-cloudnativecon-north-america/program/schedule).
+The flagship conference of the Cloud Native Computing Foundation was held in
+Austin, Texas, December 6-8, 2017.
+
+**October 24, 2017**
+
+[The Linux Foundation](https://www.linuxfoundation.org/) announced at Open
+Source Summit Europe that TUF would become the
+[latest hosted project](https://www.linuxfoundation.org/cloud-containers-virtualization/cncf-host-two-security-projects-notary-tuf-specification/)
+of the Cloud Native Computing Foundation. TUF and Notary are the first security
+projects to be adopted by CNCF.
+
+**August 10, 2017**
+
+Lukas Pühringer presented the talk "Rough Times? TUF Shines" at
+[DebConf17](https://debconf17.debconf.org/talks/153/), an "annual conference for
+Debian contributors, and users interested in improving Debian."  
+The conference took place in Montreal, Canada, August 6-12, 2017.
+
+**July 3, 2017**
+
+Dr. Trishank Karthik Kuppusamy defended his dissertation on TUF and
+[Uptane](https://uptane.github.io). Congratulations! Work on these projects will
+continue as Sebastien, Vlad, Justin, and others move forward!
+
+**May 10, 2017**
+
+Justin Cappos gave a
+[talk](https://ssl.engineering.nyu.edu/blog/2017-04-24-DockerCon) on TUF,
+[Uptane](https://uptane.github.io), and [in-toto](https://in-toto.io/) at
+DockerCon 2017.
+
+**October 10, 2016**
+
+Lily Guo and Riyaz Faizullabhoy from Docker gave a
+[talk](https://linuxconcontainerconeurope2016.sched.org/event/7oI1/software-update-security-when-the-going-gets-tough-get-tuf-going-riyaz-faizullabhoy-lily-guo-docker?iframe=no&w=i:100;&sidebar=yes&bg=no)
+on TUF and Notary at LinuxCon+ContainerCon Europe 2016. Slides of their talk are
+available
+[here](https://schd.ws/hosted_files/linuxconcontainerconeurope2016/50/When%20the%20going%20gets%20tough%2C%20get%20TUF%20going%21%20Linuxcon%20EU.pdf).
+
+**September 22, 2016**
+
+TUF now welcomes proposals to extend the specification! For more information,
+please see
+[TUF Augmentation Proposals (TAPs)](https://github.com/theupdateframework/taps).
+
+**August 24, 2016**
+
+Riyaz Faizullabhoy from Docker gave a
+[talk](https://lcccna2016.sched.org/event/7JWU/when-the-going-gets-tough-get-tuf-going-riyaz-faizullabhoy-docker)
+on TUF and Notary at LinuxCon North America. Slides of his talk are available
+[here](https://events.linuxfoundation.org/events/linuxcon-north-america/program/slides).
+
+**March 18, 2016**
+
+Trishank Kuppusamy presents "Diplomat: Using Delegations to Protect Community
+Repositories" at [NSDI 2016](https://www.usenix.org/conference/nsdi16).
+Presentation [slides and audio](https://www.usenix.org/node/194973) of the talk
+are also available
+
+**February 22, 2016**
+
+David Lawrence and Ying Li from Docker present at PyCon 2016. The title of their
+talk is:
+[When the going gets tough, get TUF going](https://us.pycon.org/2016/schedule/presentation/2187/)
+
+**February 19, 2016**
+
+The Update Framework acquires a logo to call its own, thanks to Maria Jose
+Barrera (https://twitter.com/joseemari) who created the logo, and Santiago
+Torres who found Barrerra.
+
+**August 12, 2015**
+
+The Docker team announces Docker Content Trust, which integrates TUF via
+[Notary](https://github.com/docker/notary). Docker Content Trust will be
+available starting with Docker 1.8, and supports image signing and verification.
+For more information on the Docker + TUF integration, consult
+[this blog post](https://blog.docker.com/2015/08/content-trust-docker-1-8).

content/en/resources/press.md

@@ -0,0 +1,88 @@
+---
+title: Press
+description: TUF Press coverage
+---
+
+- [Design2Part Magazine-April 2, 2020: Open Source Framework Helps Automakers Secure OTA Updates](https://www.d2pmagazine.com/2020/04/02/6099/)
+
+- [TechCrunch-March 11, 2020: AWS Launches Bottlerocket, a Linux-based OS for Container Hosting](https://techcrunch.com/2020/03/11/aws-launches-bottlerocket-a-linux-based-os-for-container-hosting/)
+
+- [New Jersey 101.5-March 9, 2020: People are Pretty Reluctant to Embrace Self Driving Cars, Survey Says](https://nj1015.com/people-are-pretty-reluctant-to-embrace-self-driving-cars-survey-says/)
+
+- [Python Foundation Blogspot-March 4, 2020: An Update PyPI Funded Work](https://pyfound.blogspot.com/2020/03/an-update-pypi-funded-work.html)
+
+- [S&P Global-January 9, 2020: Wireless Vehicle Updates Pose Big Cybersecurity Risk for Automakers, Consumers](https://www.spglobal.com/marketintelligence/en/news-insights/trending/Xp9n6TEIEmSe8ho9d0jX_Q2)
+
+- [MP3 Monster's Blog-January 4, 2020: Security Vulnerabilities in Solution Deployment](https://blog.mp3monster.org/2020/01/04/security-vulnerabilities-in-solution-deployment/)
+
+- [AV Network-December 27, 2019: Cloud Native Computing Foundation Announces TUF Graduation](https://www.avnetwork.com/news/cloud-native-computing-foundation-announces-tuf-graduation)
+
+- [HelpNet Security.com-December 23, 2019: The Update Framework Graduates from the Linux Foundation’s Cloud Native Computing Foundation](https://www.helpnetsecurity.com/2019/12/23/update-framework-linux-foundation/)
+
+- [Linux Weekly News-December 19, 2019: Cloud Native Computing Foundation Announces TUF Graduation](https://lwn.net/Articles/807777/)
+
+- [DevClass-December 19, 2019: The Update Framework Becomes the Ninth Project to Graduate CNCF](https://devclass.com/2019/12/19/the-update-framework-becomes-ninth-project-to-graduate-cncf/)
+
+- [DevOps-December 18, 2019: CNCF Graduates TUF Project to Secure Software Updates](https://devops.com/cncf-graduates-tuf-project-to-secure-software-updates/)
+
+- [Linux Weekly News-July 24, 2019: Protecting update systems from nation-state attackers](https://lwn.net/Articles/794391/)
+
+- [The Drive.com-July 23, 2019: Top OTA Expert Shows How State Actors Hack into your Car and What Happens Next](https://www.thedrive.com/tech/29120/top-ota-expert-shows-how-state-actors-hack-into-your-car-and-what-happens-next-people-will-die)
+
+- [Just Auto-May 30, 2019: HERE and Uptane Team on automotive/IoT security](https://www.just-auto.com/news/here-and-uptane-team-on-automotiveiot-security_id188912.aspx)
+
+- [Traffic Technology Today-May 29,2019: HERE Technologies Joins the Uptane Alliance](https://www.traffictechnologytoday.com/news/mapping/here-technologies-joins-the-uptane-alliance-for-highly-secure-software-updates.html)
+
+- [TMCnet.com-May 28, 2019: HERE Technologies Joins the Uptane Alliance](https://www.tmcnet.com/usubmit/2019/05/28/8963021.htm)
+
+- [Airbiquity.com-December 13, 2018: Airbiquity Bolsters OTAmatic™ Security And Data Analytic Features In Latest Over-The-Air (OTA) Software And Data Management Offering For Automotive](https://www.airbiquity.com/news/press-releases/airbiquity-bolsters-otamatictm-security-and-data-analytic-features-latest-over-air-ota-software-and-data-management-offering-aut)
+
+- [Auto Cybersecurity Connected Car News-August 19, 2018: Uptane Prevents Attacks](https://www.autoconnectedcar.com/2018/08/automotive-cybersecurity-open-source-ota-crypto-market/)
+
+- [eweek.com-July 13, 2018: How The Update Framework Improves Software Distribution Security](https://www.eweek.com/security/how-the-update-framework-improves-software-distribution-security)
+
+- [eSecurity Planet.com-June 13, 2018: Container and Kubernetes Security: It's Complicated](https://www.esecurityplanet.com/applications/container-and-kubernetes-security.html)
+
+- [Airbiquity.com-January 2018: Airbiquity OTAmatic Named 2017 New Product Of The Year By Business Intelligence Group](https://www.airbiquity.com/news/press-releases/airbiquity-otamatic-named-2017-new-product-year-business-intelligence-group)
+
+- [TechCrunch-October 2017: The Cloud Native Computing Foundation Adds Two Security Projects to its Open Source Stable](https://beta.techcrunch.com/2017/10/24/the-cloud-native-computing-foundation-adds-two-security-projects-to-its-open-source-stable/)
+
+- [Container Journal-October 2017: CNCF Adds 2 Projects to Better Secure Containers](https://containerjournal.com/2017/10/24/cncf-adds-projects-better-secure-containers/)
+
+- [Enterprise Cloud News-October 2017: Cloud Native Computing Foundation Adopts 2 Security Projects](http://www.enterprisecloudnews.com/author.asp?section_id=571&doc_id=737560)
+
+- [The New Stack-October 2017: CNCF Brings Security to the Cloud Native Stack with Notary, TUF Adoption](https://thenewstack.io/cncf-brings-security-cloud-native-stack-notary-tuf-adoption/)
+
+- [Popular Science-October 2017: The Year's Most Important Innovations in Security](https://www.popsci.com/top-security-innovations-2017)
+
+- [eWeek-April 2017: How The Update Framework Improves Security of Software Updates](https://www.eweek.com/security/how-the-update-framework-improves-security-of-software-updates)
+
+- [Python Podcast.init-March 2017: Securing your Software Updates with Justin Cappos-Episode 99, March 2017](https://www.podcastinit.com/episode-99-the-update-framework-with-justin-cappos/)
+
+- [Forbes-January 2017: Uptane Will Protect your Connected Car from Hackers](https://www.forbes.com/sites/.../uptane-will-protect-your-connected-car-from-hackers)
+
+- [Christian Science Monitor-January 2017: Are Software Uodates Key to Stopping Criminal Car Hacks?](https://www.csmonitor.com/World/Passcode/2017/0118/Are-software-updates-key-to-stopping-criminal-car-hacks)
+
+- [YouTube-October 2016: Justin Cappos presents TUF and ongoing work in securing software updates in automobiles and the software supply chain at Docker's Distributed Systems Summit 2016 ](https://www.youtube.com/watch?v=Aryr0O6H_2U&list=PLkA60AVN3hh8oPas3cq2VA9xB7WazcIgs&index=9)
+
+- [Duo Tech Talk-July 2016: Secure Software Distribution in an Adversarial World](https://www.youtube.com/watch?v=OW8NPkSq-3k)
+
+- [The New Stack-August 2015: Docker: With Content Trust, You Can Run Containers on Untrusted Networks](https://thenewstack.io/docker-content-trust-can-run-containers-untrusted-networks/)
+
+- [Notary demoed at the DockerCon 2015 keynote](https://www.ustream.tv/recorded/64499822#t=1h54m0s)
+
+- [LWN.net-January 2015: Docker image "verification"](https://lwn.net/Articles/628343/)
+
+- [PyCon 2015-Poster Presentation](https://us.pycon.org/2015/schedule/presentation/438/)
+
+- [LWN.net-January 2015: Protecting Python package downloads](https://lwn.net/Articles/629426/)
+
+- [Hacker News-December 2014: Incremental Plans to Improve Python Packaging](https://news.ycombinator.com/item?id=8780369)
+
+- [Titanous.com blog-December 2014: Docker Image Insecurity](https://titanous.com/posts/docker-insecurity)
+
+- [The Linux Magazine-March 2014: TUF Love](https://www.linux-magazine.com/Issues/2014/160/Security-Lessons-TUF)
+
+- [Promotional materials on TUF (The Update Framework) w/ Justin Cappos and Trishank Kuppusamy](https://vimeo.com/88774074)
+
+- [Slashdot: Package Managers As Achilles Heel](https://it.slashdot.org/story/08/07/10/227220/package-managers-as-achilles-heel)

content/en/resources/publications.md

@@ -0,0 +1,18 @@
+---
+title: Publications
+description:
+---
+
+The following papers provide detailed information on securing software updater
+systems, TUF's design, attacks on package managers, and package management
+security:
+
+- [Mercury: Bandwidth-Effective Prevention of Rollback Attacks Against Community Repositories](https://theupdateframework.io/papers/prevention-rollback-attacks-atc2017.pdf?raw=true)
+
+- [Diplomat: Using Delegations to Protect Community Repositories](https://theupdateframework.io/papers/protect-community-repositories-nsdi2016.pdf?raw=true)
+
+- [Survivable Key Compromise in Software Update Systems](https://theupdateframework.io/papers/survivable-key-compromise-ccs2010.pdf?raw=true)
+
+- [A Look In the Mirror: Attacks on Package Managers](https://theupdateframework.io/papers/attacks-on-package-managers-ccs2008.pdf?raw=true)
+
+- [Package Management Security](https://theupdateframework.io/papers/package-management-security-tr08-02.pdf?raw=true)

content/en/resources/videos.md

@@ -0,0 +1,29 @@
+---
+title: Videos
+description:
+  Sample videos of presentations given by project members and adopters.
+---
+
+## TUF-en Up Your Signatures
+
+{{< youtube "8sUqo36IVio" >}}
+
+## Defending against attacks on package managers
+
+{{< youtube "Y9Yxst_-Cvg" >}}
+
+## Securing Content Repositories with The Update Framework (TUF)
+
+{{< youtube "Xuk3BcluYxw">}}
+
+## Talking TUF: Securing Software Distribution
+
+{{< youtube "Aryr0O6H_2U" >}}
+
+## Securing the Software Supply Chain with TUF and Docker
+
+{{< youtube "SNge7-t4JRE" >}}
+
+## Atlassian Dev Den Tech Talk Series: Securing Rubygems with TUF
+
+{{< youtube "J0GkcToeDiM" >}}