Securing the Software Supply Chain with TUF and Docker - Protecting Against Distribution Attacks

Explore the critical aspects of securing software distribution and updates in this 40-minute conference talk. Learn about The Update Framework (TUF) and its integration with Docker's Notary software to protect against various attack vectors. Discover how TUF addresses key revocation, mitigates man-in-the-middle attacks, and reduces the impact of a repository compromise. Examine new techniques for verifying the different stages of the software supply chain, including development, build, and quality assurance processes. Gain insights into the roles of the various stakeholders, the concept of Darker Manifests, and the importance of standardization in enhancing software security.