1/29/2024

Witness and Archivista Donated to In-Toto

Author: Mikhail Swift

Harnessing Open Source for Enhanced Security: TestifySec's Latest Milestone

At TestifySec, our commitment to open-source software is not just a philosophy; it's the bedrock of our mission. Inspired by the ethos of 'Everyone Deserves Secure Software', we've always sought to intertwine our destiny with the open-source community. This journey began with our roots deeply planted in the fertile ground of the in-toto community, nurturing our growth and shaping our vision.

Today marks a pivotal moment in our journey. We're thrilled to announce a significant milestone: our beloved projects, Witness and Archivista, have now been officially embraced as subprojects under in-toto. This monumental step, ratified by the in-toto steering committee, is not just a recognition of our work but a testament to our unwavering dedication to open-source principles.

Bridging the Gap: Witness and Archivista Joining CNCF

Integrating Witness and Archivista into the CNCF ecosystem is more than a mere expansion; it's a strategic move towards solidifying their future. By aligning with CNCF, we're ensuring robust governance and sustainable growth for these projects. This alignment echoes our pledge to open-source and paves the way for broader adoption and deeper community involvement.

Unleashing Potential: The Power of Community

Our engagement with the community is not just about governance. It's about unlocking potential. Witness and Archivista are poised to catalyze the widespread adoption of the in-toto project, opening doors to unprecedented opportunities and collaborations.

The landscape of software security is rapidly evolving, and in-toto is at the forefront, emerging as the chosen attestation format for pivotal projects like Sigstore, SLSA, Tekton, and more. Our focus now is to ensure that go-witness becomes the go-to library for generating these critical attestations, reinforcing the security infrastructure of the open-source ecosystem.

The Future of Policy Management: Archivista and TUF Integration

As the volume of in-toto attestations grows, the challenge of managing and trusting in-toto layouts or policies becomes increasingly complex. This is where our next endeavor lies. We're working on integrating The Update Framework (TUF) with Archivista, a leap forward in simplifying policy management. This integration will empower users to handle policies with greater ease and reliability, eliminating the hurdles of traditional trust delegation methods.

Join Us on This Exciting Journey

Our excitement is boundless, and the horizon is brimming with possibilities. We're gearing up for an exhilarating time at KubeCon + CloudNativeCon Europe in Paris, where we can't wait to dive into enriching discussions and share our latest developments.

But why wait for KubeCon? Dive into the in-toto community today! Join one of our community meetings or contribute to an issue on GitHub. Together, let's forge a future where secure software is not just an ideal but a reality for everyone.