Update reviews/tuf-graduation.md
Signed-off-by: Justin Cappos <[email protected]>
JustinCappos committed Nov 11, 2019
1 parent 16f6383 commit 3363c7a
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions reviews/tuf-graduation.md
Expand Up @@ -71,6 +71,9 @@ These documents may be found here:

Our website has an [adoptions page](https://theupdateframework.github.io/adoptions.html) on it that lists the different projects. We also have an [ADOPTERS.MD](https://github.com/theupdateframework/tuf/blob/develop/docs/ADOPTERS.md) which contains much of the same information. [Uptane](https://uptane.github.io/), the automotive version of TUF, also its own [adoptions page](https://uptane.github.io/adoptions.html).

## Security Audits
There are multiple [security audits](https://theupdateframework.github.io/audits.html) of TUF available on the TUF website.

### Alternatives to TUF

The most common alternative to TUF involves using either a signing key on the server (e.g., TLS) or on a server as part of software creation (e.g., GPG signing in a build farm). Either way, the fundamental difference is that a single key / server compromise can result in an attacker having the ability to install arbitrary code on end user machines. Existing specifications / proposals like OMA-DM, SUIT, ITU-T X.1373, as well as common use patterns for GPG/PGP/RSA signing and TLS all have this flaw.
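
Review bot: The added `## Security Audits` heading is one level above the unchanged `### Alternatives to TUF` heading that follows it, so "Alternatives to TUF" will now render as a subsection of Security Audits. If the two sections are meant to be siblings, use `### Security Audits`, and put a blank line between the new heading and the sentence under it to match the spacing around the Alternatives heading. The added sentence only links out to the audits page; listing in this file who performed each audit and when would let a graduation reviewer assess them without leaving the document.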