in-toto is designed to ensure the integrity of a software product from initiation to end-user installation. It does so by making it transparent to the user what steps were performed, by whom and in what order.
To learn more, see What is in-toto and Overview.
Governance
The in-toto project is managed by the Linux Foundation under the Cloud Native Computing Foundation. Contributors and maintainers are governed by the CNCF Community Code of Conduct. For details, see Governance.
The in-toto project is led by Prof. Santiago Torres-Arias at Purdue University. It has many contributors from academia and industry, including members of the Secure Systems Lab at NYU and the NJIT Cybersecurity Research Center.
Funding
This research was supported by the US National Science Foundation (NSF), the Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL). Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of NSF, DARPA and AFRL. The United States Government is authorized to reproduce and distribute reprints notwithstanding any copyright notice herein.