!
! ! PRESS!OFFICE!•!1!MetroTech!Center,!19
th
!Floor,!Brooklyn,!NY!11201!
! ! ! !!CONTACT!•!Kathleen!Hamilton!
!!!!!!!!!!!!!!!!!!!!!!! ! ! ! ! !!!!646.997.3792!/!mobile!347.843.9782!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
! ! ! ! ! !!!!!!!kathleen.hamilton@nyu.edu!
!
!
-more-!
Note:&Images&available&at:&
https://nyutandon.photoshelter.com/galleries/C0000yZB2rPqM.1s/G00001_duf5LXq7E/Cappos-In-Toto&
!
Imme d ia te !R e le a se !!!!
!
!!!!!
!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
New,!free!tool!adds!layer!of!security!for!the!!
!
software!supply!chain!!
!
NYU!Tandon!School!of!Engineering!researchers!launch!open-source!system!that!gives!developers!a!
way!to!verify!integrity!at!each!step!of!software!development!and!deployment!
!
!
BROOKLYN,!New!York,!Tuesday,!December!15,!2020!–!The!software!supply!chain!has!long!been!a!prime!
target!for!cyberattacks,!putting!servers,!IoT!devices,!personal!computers,!and!connected!equipment!
from!surgically!embedded!devices!to!avionics!at!risk!of!sabotage.!These!risks!will!increase!dramatically!
with!the!global!rollout!of!such!new!technologies!as!5G!telecommunications,!and!new!tools!will!be!
required!to!affirm!the!security!and!authenticity!of!software!projects.!Against!this!backdrop,!in-toto,!an!
open-source!tool!developed!by!researchers!at!the!NYU!Tandon!School!of!Engineering!that!provides!an!
unprecedented!level!of!assurance!against!such!attacks,!announces!it!has!hit!a!significant!milestone!
with!the!release!of!its!first!major!version.!!
!
in-toto,!a!free,!easy-to-use!framework!that!cryptographically!ensures!the!integrity!of!the!software!
supply!chain,!was!developed!in!2016!by!Justin!Cappos,!a!professor!of!computer!science!and!
engineering,!and!Santiago!Torres-Arias,!a!former!Ph.D.!student!at!NYU!Tandon,!now!a!professor!at!
Purdue!University.!Since!its!advent!in-toto!has!been!adopted!or!integrated!into!several!major!open!
source!software!projects,!including!those!hosted!by!the!Cloud!Native!Computing!Foundation,!a!part!of!
the!Linux!Foundation.!With!the!release!of!version!1.0,!in-toto!has!reached!a!level!of!maturity!where!its!
developers!can!ensure!its!quality,!and!guarantee!its!security!to!potential!adopters.!
!
Like!blockchain!for!the!software!development!process,!in-toto!ensures!that!all!steps!performed!on!a!
piece!of!software!throughout!its!design!and!development!lifecycle!can!be!trusted!by!providing!
