This strategy of “compromise-resilience” improves on existing methods based on keysigning[12][13] by incorporating techniques, such as separation of signing duties and setting a threshold number of required signatures.
[14] To date, the list of tech companies and organizations using TUF include Foundries.io,[15] IBM,[16] VMware,[17] Digital Ocean,[18] Microsoft,[19] Google,[20] Amazon,[21] Leap,[22] Kolide,[23] Docker,[24] and Cloudflare.
In December 2019, TUF was awarded “graduate” status within the organization, signifying that it has completed a series of steps needed to move the project to the highest level of maturity in the CNCF.
[33] These steps included completing an independent third party security audit, adopting the CNCF Code of Conduct, and explicitly defining a project governance and committer process.
[20] In 2017, an adaptation of this technology called Uptane, designed to protect computing units on automobiles, was named one of the top security inventions for 2017 by Popular Science.