Overview
Explore the comprehensive security audit process of RSTUF (Repository Service for TUF) through three expert perspectives in this 16-minute conference talk. Examine the security architecture choices made in RSTUF and their impact on the project's overall security posture, while learning about the collaborative audit process organized by the Open Source Technology Improvement Fund (OSTIF) and executed by X41 D-Sec. Discover how RSTUF maintainer Kairo de Araujo approached the project architecture and secured funding support from OpenSSF for the security audit, understand Helen Woeste's methodology for engaging OSTIF and managing the audit process, and gain insights from X41 auditor Eric Sesterhenn on establishing efficient collaboration between auditors and maintainers. Learn about the technical security considerations, funding processes, and best practices for conducting effective security audits in open source supply chain security projects.
Syllabus
Securing RSTUF To Secure Your Supply Chain - Helen Woeste, Kairo De Araujo & Eric Sesterhenn
Taught by
OpenSSF