diff --git a/assets/js/navScroll.js b/assets/js/navScroll.js
deleted file mode 100644
index 4fc7101..0000000
--- a/assets/js/navScroll.js
+++ /dev/null
@@ -1,17 +0,0 @@
-// Check If an Element is Visible in the Viewport
-function isInViewport(element) {
- const rect = element.getBoundingClientRect();
- return (
- rect.top >= 0 &&
- rect.left >= 0 &&
- rect.bottom <=
- (window.innerHeight || document.documentElement.clientHeight) &&
- rect.right <= (window.innerWidth || document.documentElement.clientWidth)
- );
-}
-
-let ele = document.querySelector('#td-section-nav .td-sidebar-nav-active-item');
-
-if (ele && !isInViewport(ele)) {
- ele.scrollIntoView({ behavior: 'smooth', block: 'end', inline: 'nearest' });
-}
diff --git a/assets/js/registrySearch.js b/assets/js/registrySearch.js
deleted file mode 100644
index f1ed9b4..0000000
--- a/assets/js/registrySearch.js
+++ /dev/null
@@ -1,240 +0,0 @@
-const miniSearchOptions = {
- fields: [
- 'title',
- 'description',
- '_key',
- 'tags',
- 'package.name',
- 'license',
- 'language',
- 'registryType',
- ], // fields to index for full-text search
- storeFields: ['title', '_key'], // fields to return with search results
- extractField: (document, fieldName) => {
- if (Array.isArray(document[fieldName])) {
- return document[fieldName].join(' ');
- }
- return fieldName.split('.').reduce((doc, key) => doc && doc[key], document);
- },
- searchOptions: {
- prefix: true,
- boost: {
- title: 4,
- tags: 3,
- description: 2,
- },
- fuzzy: 0.2,
- },
-};
-
-const originalDocumentTitle = document.title;
-
-let fetched = false;
-const miniSearch = new MiniSearch(miniSearchOptions);
-
-// Get searchQuery for queryParams
-let pathName = window.location.pathname;
-let searchQuery = '';
-let selectedLanguage = 'all';
-let selectedComponent = 'all';
-
-parseUrlParams();
-
-if (pathName.includes('registry')) {
- // Run search or display default body
- if (searchQuery) {
- executeSearch(searchQuery);
- } else {
- showBody();
- }
-
- if (selectedLanguage !== 'all' || selectedComponent !== 'all') {
- if (selectedLanguage !== 'all') {
- document.getElementById('languageDropdown').textContent =
- document.getElementById(
- `language-item-${selectedLanguage}`,
- ).textContent;
- }
- if (selectedComponent !== 'all') {
- document.getElementById('componentDropdown').textContent =
- document.getElementById(
- `component-item-${selectedComponent}`,
- ).textContent;
- }
- updateFilters();
- }
-
- document.addEventListener('DOMContentLoaded', (event) => {
- let searchForm = document.getElementById('searchForm');
- searchForm.addEventListener('submit', function (evt) {
- evt.preventDefault();
- let val = document.getElementById('input-s').value;
- setInput('s', val);
- parseUrlParams();
- executeSearch(searchQuery);
- });
-
- let searchInput = document.getElementById('input-s');
- searchInput.addEventListener('keyup', function
(evt) {
- autoSuggest(evt.target.value);
- });
-
- let languageList = document
- .getElementById('languageFilter')
- .querySelectorAll('.dropdown-item');
- let typeList = document
- .getElementById('componentFilter')
- .querySelectorAll('.dropdown-item');
- languageList.forEach((element) =>
- element.addEventListener('click', function (evt) {
- let val = evt.target.getAttribute('value');
- selectedLanguage = val;
- document.getElementById('languageDropdown').textContent =
- evt.target.textContent;
- setInput('language', val);
- updateFilters();
- }),
- );
- typeList.forEach((element) =>
- element.addEventListener('click', function (evt) {
- let val = evt.target.getAttribute('value');
- selectedComponent = val;
- document.getElementById('componentDropdown').textContent =
- evt.target.textContent;
- setInput('component', val);
- updateFilters();
- }),
- );
- });
-}
-
-function showBody() {
- document.title = originalDocumentTitle;
- document.querySelector('#search-results').innerHTML = '';
- let defaultBody = document.querySelector('#default-body');
- if (defaultBody.style.display === 'none') {
- defaultBody.style.display = 'block';
- }
-}
-
-// Runs search through Fuse for fuzzy search
-function executeSearch(searchQuery) {
- if (searchQuery === '') {
- showBody();
- return;
- }
-
- document.title = searchQuery + ' at ' + originalDocumentTitle;
- document.querySelector('#input-s').value = searchQuery;
- document.querySelector('#default-body').style.display = 'none';
- document.querySelector('#search-results').innerHTML = '';
- document.getElementById('search-loading').style.display = 'block';
-
- const run = function (searchQuery) {
- // The 0-timeout is here if search is blocking, such that the "search loading" is rendered properly
- setTimeout(() => {
- let results = miniSearch.search(searchQuery);
- document.getElementById('search-loading').style.display = 'none';
-
- if (results.length > 0) {
- populateResults(results);
- } else {
-
document.querySelector('#search-results').innerHTML += - '

No matches found

';
- }
- }, 0);
- };
-
- if (fetched) {
- run(searchQuery);
- } else {
- fetch('/ecosystem/registry/index.json')
- .then((res) => res.json())
- .then((json) => {
- fetched = true;
- miniSearch.addAll(json);
- run(searchQuery);
- });
- }
-}
-
-function autoSuggest(value) {
- if (value === '') {
- return;
- }
-
- const run = function (value) {
- const suggestions = miniSearch.autoSuggest(value, {
- // we only use title, otherwise we get strange suggestions, especially with description
- fields: ['title'],
- });
- const list = document.getElementById('search-suggestions');
- list.innerHTML = suggestions
- .map(({ suggestion }) => ``)
- .join('');
- };
-
- if (fetched) {
- run(value);
- } else {
- fetch('/ecosystem/registry/index.json')
- .then((res) => res.json())
- .then((json) => {
- fetched = true;
- miniSearch.addAll(json);
- run(value);
- });
- }
-}
-
-// Populate the search results and render to the page
-function populateResults(results) {
- document.querySelector('#search-results').innerHTML += results.reduce(
- (acc, result) => {
- return (
- acc +
- document.querySelector(`[data-registry-id="${result._key}"]`).outerHTML
- );
- },
- '',
- );
-}
-
-function setInput(key, value) {
- document.getElementById(`input-${key}`).value = value;
- var queryParams = new URLSearchParams(window.location.search);
- queryParams.set(key, value);
- history.replaceState(null, null, '?'
+ queryParams.toString());
-}
-
-// Filters items based on language and component filters
-function updateFilters() {
- let allItems = [...document.getElementsByClassName('registry-entry')];
- if (selectedComponent === 'all' && selectedLanguage === 'all') {
- allItems.forEach((element) => element.classList.remove('d-none'));
- } else {
- allItems.forEach((element) => {
- const dc = element.dataset.registrytype;
- const dl = element.dataset.registrylanguage;
- if (
- (dc === selectedComponent || selectedComponent === 'all') &&
- (dl === selectedLanguage || selectedLanguage === 'all')
- ) {
- element.classList.remove('d-none');
- } else if (dc === selectedComponent && dl !== selectedLanguage) {
- element.classList.add('d-none');
- } else if (dl === selectedLanguage && dc !== selectedComponent) {
- element.classList.add('d-none');
- } else {
- element.classList.add('d-none');
- }
- });
- }
-}
-
-function parseUrlParams() {
- let urlParams = new URLSearchParams(window.location.search);
- searchQuery = urlParams.get('s');
- selectedLanguage = urlParams.get('language') || 'all';
- selectedComponent = urlParams.get('component') || 'all';
-}
diff --git a/assets/js/tracing.js b/assets/js/tracing.js
deleted file mode 100644
index 54f21a2..0000000
--- a/assets/js/tracing.js
+++ /dev/null
@@ -1,38 +0,0 @@
-import {
- ConsoleSpanExporter,
- SimpleSpanProcessor,
-} from '@opentelemetry/sdk-trace-base';
-import { WebTracerProvider } from '@opentelemetry/sdk-trace-web';
-import { getWebAutoInstrumentations } from '@opentelemetry/auto-instrumentations-web';
-import { registerInstrumentations } from '@opentelemetry/instrumentation';
-import { OTLPTraceExporter } from '@opentelemetry/exporter-trace-otlp-http';
-import { Resource } from '@opentelemetry/resources';
-import { SemanticResourceAttributes } from '@opentelemetry/semantic-conventions';
-import { ZoneContextManager } from '@opentelemetry/context-zone-peer-dep';
-
-const collectorOptions = {
- url: 'https://otelwebtelemetry.com/v1/traces',
-};
-const exporter = new OTLPTraceExporter(collectorOptions);
-
-const resources = new Resource({
- [SemanticResourceAttributes.SERVICE_NAME]: 'opentelemetry.io',
- 'browser.language': navigator.language,
-});
-
-const provider = new WebTracerProvider({
- resource: resources,
-});
-
-registerInstrumentations({
- instrumentations: [getWebAutoInstrumentations({})],
- tracerProvider: provider,
-});
-
-provider.addSpanProcessor(new SimpleSpanProcessor(exporter));
-provider.addSpanProcessor(new SimpleSpanProcessor(new ConsoleSpanExporter()));
-provider.register({
- contextManger: new ZoneContextManager(),
-});
-
-module.export = provider.getTracer('otel-web');
diff --git a/assets/scss/_registry.scss b/assets/scss/_registry.scss
deleted file mode 100644
index ead9e0d..0000000
--- a/assets/scss/_registry.scss
+++ /dev/null
@@ -1,43 +0,0 @@
-.badge {
- @each $component, $color in $otel-component-colors {
- &.badge-#{$component} {
- color: white;
- background-color: $color;
- }
- }
-
- @each $component, $color in $otel-registry-license-colors {
- &.badge-#{$component} {
- color: white;
- background-color: $color;
- }
- }
-
- &.badge-elixir {
- color: map-get($otel-component-colors, 'erlang');
- background-color: inherit;
- border: solid 1px map-get($otel-component-colors, 'erlang');
- }
-
- &.badge-js {
- color: map-get($otel-component-colors, 'js');
- background-color: inherit;
- border: solid 1px map-get($otel-component-colors, 'js');
- }
-
- &.badge-kotlin {
- color: map-get($otel-component-colors, 'java');
- background-color: inherit;
- border: solid 1px map-get($otel-component-colors, 'java');
- }
-
- // Default color attributes, in case we miss a component definition above;
- // which has happened, see https://github.com/open-telemetry/opentelemetry.io/pull/2481.
- $default-otel-badge-bg: #f5a800; // Bright orange for default badges
- color: white;
- background-color: $default-otel-badge-bg;
-}
-
-.registry-entry {
- @extend .shadow;
-}
diff --git a/assets/scss/_styles_project.scss b/assets/scss/_styles_project.scss
index 1490391..df89642 100644
--- a/assets/scss/_styles_project.scss
+++ b/assets/scss/_styles_project.scss
@@ -1,95 +1,5 @@ -/* Docsy-delta full file override: we're not tracking changes to the Docsy file of the same name. */ -// cSpell:ignore cncf docsy - -@import 'registry'; -@import 'tabs'; -@import 'external_link'; @import 'td/code-dark'; -.td-home { - .otel-logo { - margin-top: 2rem; - margin-bottom: 3rem; - max-height: 12rem; - } - - .td-box--white .container blockquote { - font-size: smaller; - } -} - -.l-buttons { - display: flex; - flex-wrap: wrap; - justify-content: center; - margin-top: 1rem; - margin-bottom: 1rem; - - > ul { - list-style: none; - margin: 0; - padding: 0; - - > li { - display: inline; - > a { - @extend .btn; - margin: 0.25rem; - - &:hover { - text-decoration: none; - } - } - } - } -} - -.l-get-started-buttons { - @extend .l-buttons; - - > ul > li > a /*, > p > a*/ { - @extend .btn-lg; - @extend .btn-secondary; - } -} - -.l-primary-buttons { - @extend .l-buttons; - - > ul > li > a { - @extend .btn-lg; - @extend .btn-primary; - } -} - -//override the button classes for the Status page only -.l-status-primary { - @extend .l-buttons; - justify-content: left; - - > ul > li > a /*, > p > a*/ { - @extend .btn-lg; - @extend .btn-primary; - padding: 20px; - border-radius: 0; - min-width: 220px; - } -} - -.l-status-secondary { - @extend .l-buttons; - justify-content: left; - - > ul > li > a /*, > p > a*/ { - @extend .btn-lg; - @extend .btn-secondary; - padding: 20px; - border-radius: 0; - min-width: 150px; - color: #2f4f4f; - } -} - /* Custom styles for the navbar */ .td-navbar { background-color: $primary !important; /* Set background color to black */ @@ -103,12 +13,6 @@ } } -// Adjust the spacing of page-meta and page-TOC (https://github.com/open-telemetry/opentelemetry.io/pull/354) -// TODO: upstream -.td-toc #TableOfContents { - padding-top: 1rem; -} - .td-home { .cncf { text-align: center; 
@@ -129,197 +33,3 @@ } } } - -.o-banner { - @include media-breakpoint-up(md) { - width: 100%; - position: fixed; - margin-left: -15px; - z-index: 31; - top: 4rem; - } - - background: var(--td-pre-bg); - color: var(--bs-body-color); - text-align: center; - - & p { - padding: 0.5rem; - margin-bottom: initial; - } -} - -.td-page-meta__child { - display: none !important; -} - -.otel-docs-spec { - .td-page-meta__edit { - display: none !important; - } -} - -// Contribution section in community page -.community-contribution { - text-align: center; - - & > p { - font-size: $h3-font-size; - font-weight: $headings-font-weight; - line-height: $headings-line-height; - margin-bottom: $headings-margin-bottom; - } -} - -.td-breadcrumbs__single { - display: none !important; -} - -.config-option { - padding-inline-start: 1.5em; - - .label { - font-weight: bold; - } - - details { - background-color: var(--bs-tertiary-bg); - margin-bottom: 0.5em; - - summary { - display: block; - &::-webkit-details-marker { - display: none; - } - - &::after { - color: $secondary; - @extend .fas; - content: fa-content($nbsp + $fa-var-plus-circle); - } - } - - &[open] summary::after { - @extend .fas; - content: fa-content($nbsp + $fa-var-minus-circle); - } - } -} - -.otel-mermaid-max-width pre.mermaid { - max-width: inherit; -} - -.td-content img:not(.img-initial) { - display: block; - border: $border-width solid $border-color; - margin-bottom: $paragraph-margin-bottom; - @extend .td-max-width-on-larger-screens; -} - -.td-blog.otel-with-contributions-from { - .td-content { - .td-byline { - margin: 0 !important; - } - .article-meta { - margin: 0; - } - p:first-of-type { - @extend .small; - opacity: 0.65; - padding-top: 0.2rem; - margin-bottom: 1.5rem; - } - } -} - -// Registry - -.td-section.registry { - .td-outer { - height: auto; - } - - .registry-entry { - display: flex; - align-items: flex-start; - padding-bottom: 0.5rem; - - .h5 { - margin-bottom: 0.2rem; - } - - &-body { - flex: 1; - } - } -} - 
-body.td-page--draft .td-content { - position: relative; - - &::after { - content: 'Draft'; - position: absolute; - top: 10vw; - left: 50%; - transform: translate(-50%, 0) rotate(-45deg); - color: rgba(255, 0, 0, 0.3); - font-size: 18vw; - z-index: 9999; - pointer-events: none; - text-transform: uppercase; - font-weight: bold; - text-align: center; - max-width: max-content; - } -} - -details { - margin-bottom: $paragraph-margin-bottom; -} - -.ot-integration-badge { - @extend .btn; - @extend .shadow; - - border-radius: 0 !important; - - position: relative; - float: right; - transform: rotate(6deg); - background: hsl(60, 100%, 60%); - border-color: hsl(60, 100%, 60%); - padding: 1rem; - margin: 0 1rem 1rem 1rem; - - &__text { - font-weight: $font-weight-semibold; - } - - &__info { - @extend .text-warning; - @extend .translate-middle; - - position: absolute; - top: 0; - left: 100%; - } - - &:hover { - background: hsl(60, 100%, 60%); - transform: rotate(4deg); - transition: transform 0.2s linear; - } -} - -// Workaround for iOS and macOS Safari 17+. For details see: -// https://github.com/open-telemetry/opentelemetry.io/issues/3538 - -.td-content .highlight > pre { - > .click-to-copy, - > code { - overflow-y: auto; - } -} diff --git a/assets/scss/_variables_project.scss b/assets/scss/_variables_project.scss index 73d957c..7c454df 100644 --- a/assets/scss/_variables_project.scss +++ b/assets/scss/_variables_project.scss 
@@ -1,47 +1,12 @@ /* Updated color scheme to match the background image */ -$otel-colors: ( - 'orange': #f5a800, // Keep existing - 'orange-light': #fff0ce, // Keep existing +$in-toto-colors: ( + 'orange': #ed4b27, // Keep existing + 'orange-light': #f47a39, // Keep existing 'blue': #1b2838, // Darker blue for better contrast - 'blue-light': #a3b5c8, // Lighter blue for accents - 'purple': #3a4d6c, // Darker purple for better contrast - 'light-green': #c0f587, // Keep existing - 'java': #b07219, // Keep existing + 'blue-light': #a3b5c8, // Lighter blue for accentss ); -$otel-component-colors: ( - 'collector': #1c1f23, // Darker shade - 'core': #2c3ed3, // Keep existing - 'cpp': #f34b7d, // Keep existing - 'dotnet': #178600, // Keep existing - 'erlang': #b83998, // Keep existing - 'exporter': #3ed32c, // Keep existing - 'extension': #d3532c, // Keep existing - 'go': #00add8, // Keep existing - 'instrumentation': #d32c3e,// Keep existing - 'java': #b07219, // Keep existing - 'js': #f1e05a, // Keep existing - 'lua': #03037b, // Keep existing - 'php': #4f5d95, // Keep existing - 'processor': #d32c42, // Keep existing - 'python': #3572a5, // Keep existing - 'receiver': #742cd3, // Keep existing - 'resource-detector': green,// Keep existing - 'ruby': #701516, // Keep existing - 'rust': #dea584, // Keep existing - 'swift': #de5d43, // Keep existing - 'utilities': #2cd3b4, // Keep existing -); - -$otel-registry-license-colors: ( - 'apache-20': #e83e8c, // Keep existing - 'bsd-2-clause': #8ce83e, // Keep existing - 'mit': #3e8ce8, // Keep existing - 'artistic-10-perl': #e8c83e, // Keep existing -); - -$primary: map-get($otel-colors, 'blue'); // Darker blue for primary elements -$secondary: map-get($otel-colors, 'orange'); // Bright orange for secondary elements -$secondary_1: map-get($otel-colors, 'java'); // Keep existing +$primary: map-get($in-toto-colors, 'blue'); // Darker blue for primary elements +$secondary: map-get($in-toto-colors, 'orange'); // Bright orange for 
secondary elements $td-enable-google-fonts: false; diff --git a/content/en/News/_index.md b/content/en/News/_index.md new file mode 100644 index 0000000..f4ef4cc --- /dev/null +++ b/content/en/News/_index.md @@ -0,0 +1,10 @@ +--- +title: News +description: Stay updated with our latest news and announcements. +menu: + main: { weight: 80 } +outputs: [HTML, RSS] +type: docs +--- + +{{< news >}} diff --git a/content/en/_index.md b/content/en/_index.md index 25244ee..245ae56 100644 --- a/content/en/_index.md +++ b/content/en/_index.md @@ -11,7 +11,7 @@ description: A framework to secure the integrity of software supply chains {{% param description %}} {.display-6} -Learn More +Learn More Try the demo Explore integrations {.p-initial .my-5} @@ -27,11 +27,11 @@ description: A framework to secure the integrity of software supply chains {{% blocks/section color="dark" type="row" %}} -{{% blocks/feature icon="fa-solid fa-lock" title="Software supply chain protection" url="/docs/what_is_in_toto" %}} +{{% blocks/feature icon="fa-solid fa-lock" title="Software supply chain protection" url="/docs/system-overview/" %}} **Supply chain compromises are becoming a frequent occurrence. in-toto can help you protect your software supply chain.** {{% /blocks/feature %}} -{{% blocks/feature icon="fa-brands fa-github" title="Open, extensible standard" url="/docs/spec" %}} +{{% blocks/feature icon="fa-solid fa-book" title="Open, extensible standard" url="/docs/spec-table/" %}} **in-toto is an open metadata standard that you can implement in your software's supply chain toolchain.** {{% /blocks/feature %}} diff --git a/content/en/blog/2023/security-audit-23.md b/content/en/blog/2023/security-audit-23.md new file mode 100644 index 0000000..3a5bbca --- /dev/null +++ b/content/en/blog/2023/security-audit-23.md 
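Review bot: The new `$in-toto-colors` entries carry over the `// Keep existing` comments from the old map even though their values change in this hunk (`'orange'` goes from #f5a800 to #ed4b27, `'orange-light'` from #fff0ce to #f47a39), so the comments now say the opposite of what the code does; drop them or describe the colour instead, e.g. `'orange': #ed4b27, // in-toto brand orange`. The comment on `'blue-light'` also has a typo, `// Lighter blue for accentss`. The hunk removes `$secondary_1`, `$otel-component-colors` and `$otel-registry-license-colors`; their only consumer visible here, `_registry.scss`, is deleted in the same commit, but `_styles_project.scss` is shown only in part, so it is worth confirming nothing left in the build still references them.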
@@ -0,0 +1,158 @@
+---
+title: Security Audit '23
+description: Explore our latest security audits and findings.
+type: docs
+date: 2023-05-11
+author: 'Aditya Sirish, [NYU Secure Systems Lab](https://ssl.engineering.nyu.edu)'
+---
+
+We are excited to announce completion of a source code audit of the in-toto
+Python and Go implementations along with an architectural review of the
+specification. The audit was ordered by the Open Source Technology Improvement
+Fund (OSTIF) and conducted by X41 D-Sec GmbH over the course of three weeks in
+February 2023.
+
+## Motivation
+
+While in-toto has previously undergone a security review by the CNCF’s
+TAG-Security, it had not been formally audited thus far. The in-toto
+implementations are currently used in production and the Python reference
+implementation reached v1.0 maturity in late 2020. The Go implementation has
+been the experimental testbed for several new features including the in-toto
+Attestation Framework. We decided in our roadmap that it is time to release v1.0
+of the specification and to apply for graduation at the CNCF. To formally
+underline our confidence in the specification we initiated the in-toto audit.
+
+## Results and Resolutions
+
+In their final report the auditors acknowledged that the quality of the analyzed
+source code was very good, and presented eight issues they had identified both
+in the code and also in the overall design and architecture of the in-toto
+framework. Among these issues one was labeled as high-severity, four as
+medium-severity, and three as low-severity issues.
+
+In addition, several informational findings, not relevant to the security of the
+in-toto framework, were listed in the report. We created GitHub advisories for
+all security findings and GitHub issues for the informational findings
+([implementation](https://github.com/in-toto/in-toto/issues?q=label%3AX41),
+[specification](https://github.com/in-toto/docs/issues?q=label%3AX41)).
+
+It shall be noted that all security-relevant issues can be mitigated by a
+correct usage of in-toto, or by understanding its scope. In fact the issue
+marked high-severity was well known to us as a possible use pattern and had an
+issue open for several years. Thus, our fixes consist, above all, of
+clarifications in the specification and usage documentation. Below we give an
+overview of all security-relevant findings and our response to them. More
+comprehensive details can be found in the linked advisories and the
+[report](/2023-security-audit-report.pdf).
+
+### File Metadata Ignored (medium severity)
+
+Advisory: [GHSA-wqrg-wjp9-wqfq](https://github.com/in-toto/docs/security/advisories/GHSA-wqrg-wjp9-wqfq)
+
+in-toto does not verify the integrity of file metadata. This might allow
+attackers to provoke privilege escalation or degradation of the final product.
+
+in-toto is designed to protect the integrity of artifact contents and not their
+metadata. That said and as recommended by the auditors, supply chain owners are
+free to promote dedicated file container formats that include e.g. permissions
+as part of the file contents.
+
+### Configuration Read From Local Directory (medium severity)
+
+Advisory: [GHSA-wqrg-wjp9-wqfq](https://github.com/in-toto/in-toto/security/advisories/GHSA-wc64-c5rv-32pf)
+
+CVE: [CVE-2023-32076](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32076)
+
+The link generation tool of the reference implementation can be configured using
+RC files stored in directories following the XDG base directory specification.
+One of the options is via a hidden file in the directory in-toto is run. An
+attacker that controls the inputs to a step may compromise the link metadata and
+evade detection by including such a configuration with their materials in
+transit, which, e.g. filter certain artifacts from being recorded.
+
+This is a special case of “Functionaries Do Not Perform Verification”, which is
+described below.
Further, after conversations with in-toto adopters, we realized
+that while RC files are widely used by other systems, in-toto users typically
+set configurations using API parameters or CLI arguments. As such, we removed
+support for RC files from the reference implementation.
+
+### Layout Replay (low severity)
+
+Advisory: [GHSA-73jv-h86v-c2vh](https://github.com/in-toto/docs/security/advisories/GHSA-73jv-h86v-c2vh)
+
+It is possible for an attacker to replay an older, since-replaced layout that
+has not yet expired.
+
+We consider this out-of-scope for in-toto and have updated the specification to
+explicitly note this as a non-goal. That said,
+[ITE-2](https://github.com/in-toto/ITE/blob/master/ITE/2/README.adoc) and
+[ITE-3](https://github.com/in-toto/ITE/blob/master/ITE/3/README.adoc) are two
+“accepted” in-toto Enhancements that detail how
+[The Update Framework (TUF)](https://theupdateframework.io/) can be used in
+conjunction with in-toto to defend against layout replay attacks.
+
+### Link File Reuse (medium severity)
+
+Advisory: [GHSA-6q78-j78h-pqm2](https://github.com/in-toto/docs/security/advisories/GHSA-6q78-j78h-pqm2)
+
+Link metadata files are not inherently tied to a layout, which might allow an
+attacker to replay ​​steps by replacing link files with ones from an earlier
+version.
+
+This issue can be mitigated by using globally unique step names in a layout.
+However, this is not mandated by the specification as link metadata reuse, e.g.
+for different supply chains, or generating link metadata independently of any
+supply chain, are valid use cases. In addition, as described above ITE-2 and
+ITE-3 are designed to prevent unallowed metadata reuse.
+
+### Functionaries Do Not Perform Verification (high severity)
+
+Advisory: [GHSA-p86f-xmg6-9q4x](https://github.com/in-toto/docs/security/advisories/GHSA-p86f-xmg6-9q4x)
+
+An attacker, who controls the product in transit, may compromise the whole
+supply chain and stay undetected, by modifying only the product in transit, and
+in such a way that the product itself can compromise a subsequent functionary.
+
+Among several possible mitigations, the preferred method is to encourage
+functionaries to strictly separate link generation from operations on untrusted
+materials. This recommendation aligns with the SLSA Level 3 requirement for
+Provenance generation that
+["Provenance is Non-forgeable"](https://slsa.dev/spec/v1.0/requirements#provenance-non-forgeable)
+and can be applied without changes to the in-toto specification. Other
+solutions, including [new tooling](https://github.com/in-toto/in-toto/pull/589)
+we have added, can be found in the advisory.
+
+### Several PGP Issues (varying severity)
+
+Advisory: [GHSA-jjgp-whrp-gq8m](https://github.com/in-toto/in-toto/security/advisories/GHSA-jjgp-whrp-gq8m)
+
+PGP keys in the reference implementation are not validated when verifying
+metadata signatures. More specifically, in-toto does not check if the validity
+period is in the future (low severity), revocation signatures exist (medium
+severity), or the key has correct usage flags (low severity).
+
+The auditors recommend using GnuPG for signature verification. However, this is
+not desirable as in-toto is designed to allow verification in isolation of
+external resources. Instead, it is the responsibility of the supply chain owner
+to vet keys before promoting them as verification keys, and to revoke them using
+the mechanisms provided by in-toto if necessary.
+
+## In Closing
+
+The findings from this review strengthen the in-toto specification and
+implementations.
Several of these issues were difficult to find without the
+perspective of an outside reviewer, and they serve as a catalyst for us to
+deliver in-toto improvements and new features more quickly. We are also pleased
+to note that none of the issues fundamentally weaken the in-toto framework.
+
+We knew going in that in-toto would not be a typical subject of a security
+audit, especially as it was also focused on the specification. We think X41 rose
+to the task admirably and identified several points where the framework’s
+behavior could detract from what’s expected. Their findings and the resulting
+updates improve in-toto’s usability and make the framework more secure by
+default.
+
+Finally, we are extremely grateful to X41 for conducting, to Open Source
+Technology Improvement Fund (OSTIF) for organizing, and to the Cloud Native
+Computing Foundation (CNCF) for funding this audit – thank you all!
diff --git a/content/en/blog/_index.md b/content/en/blog/_index.md
new file mode 100644
index 0000000..56beff1
--- /dev/null
+++ b/content/en/blog/_index.md
@@ -0,0 +1,6 @@
+---
+title: Blog
+menu:
+ main: { weight: 50 }
+outputs: [HTML, RSS]
+---
diff --git a/content/en/docs/_index.md b/content/en/docs/_index.md
index 9297066..37e9d5d 100644
--- a/content/en/docs/_index.md
+++ b/content/en/docs/_index.md
@@ -7,7 +7,7 @@ menu: { main: { weight: 10 } } Welcome to the in-toto documentation. This resource hub will guide you through understanding and implementing in-toto to secure your software supply chains. ## in-toto Technical Specification -Dive into the [in-toto Technical Specification](docs/spec) for detailed insights into the framework's design principles and architecture. This section lays the foundation for understanding how in-toto ensures software integrity. +Dive into the [in-toto Technical Specification](docs/spec-table) for detailed insights into the framework's design principles and architecture. This section lays the foundation for understanding how in-toto ensures software integrity. ## Basic Demo Explore the [Basic Demo](https://github.com/in-toto/demo) to see in-toto in action. This step-by-step guide demonstrates practical applications of the framework, helping you connect theoretical concepts with real-world scenarios. diff --git a/content/en/docs/faq.md b/content/en/docs/faq.md new file mode 100644 index 0000000..5bc5fe3 --- /dev/null +++ b/content/en/docs/faq.md 
@@ -0,0 +1,20 @@ +--- +title: Frequently asked questions +linkTitle: FAQ +weight: 10 +--- + +### Why the name “in-toto”? + +in-toto is Latin for "as a whole." We chose the name because our objective with in-toto is to build a system to protect the whole software supply chain. + +### What is the difference between in-toto and The Update Framework? +[The Update Framework](https://theupdateframework.io) (TUF) provides a framework that can be used to secure update systems, i.e. the "last mile," whereas in-toto lets you verify the whole software supply chain. TUF and in-toto can play together very well, as you can use TUF to deliver updates and their corresponding in-toto metadata. + +### Is Python 3 supported? + +Yes, Python 3 is supported with in-toto. + +### Is there a timeline for the support of Python 2.7? + +We have released the final version of in-toto, v1.0.1, that supports Python 2. Our next release, at the end of April 2021, will drop support for Python 2. diff --git a/content/en/docs/get-started/_index.md b/content/en/docs/get-started/_index.md index 9716dfa..b0ef3ea 100644 --- a/content/en/docs/get-started/_index.md +++ b/content/en/docs/get-started/_index.md @@ -1,7 +1,6 @@ --- title: "Getting Started" linkTitle: "Getting Started" -type: docs weight: 2 description: > An introductory guide to getting started with in-toto. diff --git a/content/en/docs/spec-table.md b/content/en/docs/spec-table.md new file mode 100644 index 0000000..b89b78f --- /dev/null +++ b/content/en/docs/spec-table.md 
@@ -0,0 +1,13 @@ +--- +title: Specifications +linkTitle: Specs +weight: 7 +--- + +| Name | Status | Version | URL | Description | +|-------------------------------|--------|---------|-------------------------------------------------------------------------------|-------------| +| in-toto | Stable | v1.0 | [in-toto v1.0](https://github.com/in-toto/docs/blob/v1.0/in-toto-spec.md) | This is a thoroughly-reviewed version of the specification (and probably what you're looking for). | +| in-toto | Latest | master | [in-toto master](https://github.com/in-toto/docs/blob/master/in-toto-spec.md) | If you want to see the latest changes and possible features, click this. | +| in-toto Attestation Framework | Stable | v1.0 | [Attestation Framework v1.0](https://github.com/in-toto/attestation/tree/v1.0/) | The in-toto Attestation Framework is developed independently of the in-toto specification. A future version of the in-toto specification will incorporate this framework as the mechanism to express software supply chain claims. | +| in-toto Attestation Framework | Latest | master | - | If you want to see the latest changes to the in-toto Attestation Framework, click this. | + diff --git a/content/en/docs/spec.md b/content/en/docs/spec.md deleted file mode 100644 index 7bda67f..0000000 --- a/content/en/docs/spec.md +++ /dev/null @@ -1,31 +0,0 @@ ---- -title: Specifications -type : docs ---- - - - - - - - - - - - - - - - - - - - - - - - - - - -
VersionDescription
in-toto Stable (v1.0)This is a thoroughly-reviewed version of the specification (and probably what you're looking for). Link
in-toto LatestIf you want to see the latest changes and possible features, click this. Link
in-toto Attestation Framework Stable (v1.0)The in-toto Attestation Framework is developed independently of the in-toto specification. A future version of the in-toto specification will incorporate this framework as the mechanism to express software supply chain claims. Link
in-toto Attestation Framework LatestIf you want to see the latest changes to the in-toto Attestation Framework, click this.
diff --git a/content/en/docs/what_is_in_toto.md b/content/en/docs/what-is-in-toto.md
similarity index 100%
rename from content/en/docs/what_is_in_toto.md
rename to content/en/docs/what-is-in-toto.md
diff --git a/data/news.yaml b/data/news.yaml
new file mode 100644
index 0000000..4864ab4
--- /dev/null
+++ b/data/news.yaml
@@ -0,0 +1,87 @@
+- date: 2023-06-05
+ text: |
+ in-toto's specification reached v1.0! Find it [here](https://github.com/in-toto/docs/blob/v1.0/in-toto-spec.md).
+- date: 2022-03-10
+ text: |
+ in-toto has moved from the Cloud Native Computing Foundation (CNCF) Sandbox to the Incubator! Read the full announcement [here](https://www.cncf.io/blog/2022/03/10/supply-chain-security-project-in-toto-moves-to-the-cncf-incubator/).
+- date: 2021-09-11
+ text: |
+ Our Google Summer of Code 2021 intern Qijia "Joy" Liu shares her [story about the in-toto Rust implementation](https://coda.io/@joy/2021-gsoc-story)
+- date: 2021-06-08
+ text: |
+ The Google security team mentions in-toto in their blog article [Verifiable Supply Chain Metadata for Tekton](https://security.googleblog.com/2021/06/verifiable-supply-chain-metadata-for.html)
+- date: 2021-02-02
+ text: |
+ Peter Elkind and Jack Gillum published an article SolarWinds about [in-toto in ProPublica](https://www.propublica.org/article/solarwinds-cybersecurity-system)
+- date: 2020-12-15
+ text: |
+ Tech Xplore released an [article](https://techxplore.com/news/2020-12-free-tool-layer-software-chain.html) warning about software supply chain attacks and describing in-toto.
+- date: 2020-12-12
+ text: |
+ The Linux Foundation received support to help advance several projects, including [in-toto](https://www.linuxfoundation.org/press-release/2019/12/the-linux-foundations-automated-compliance-work-garners-new-funding-advances-tools-development/)!
+- date: 2020-10-07
+ text: |
+ Our Google Summer of Code 2020 intern Christian Rebischke shares his [story about the in-toto Go implementation](https://www.cncf.io/blog/2020/10/07/gsoc-spotlight-my-google-summer-of-code-experience-at-cncf-in-2020/)
+- date: 2019-10-14
+ text: |
+ Tobias Furuholm presented in-toto at the [CASTOR Software Days](https://castor-software-days-2019.github.io) and shared a [video recording](https://drive.google.com/file/d/1kvkZtYNtnVjh4xxp8aR1fURSKMeOHnkf) and his [slides](/slides/CASTOR_SW_Days_2019_-_Securing_Software_Supply_Chains_with_in-toto_-_Tobias_Furuholm.pdf) with us.
+- date: 2019-10-02
+ text: |
+ Adrian Colyer wrote an article about [in-toto in "the morning paper"](https://blog.acolyer.org/2019/10/02/in-toto/).
+- date: 2019-07-09
+ text: |
+ in-toto was featured in the blog post ["33(+) Kubernetes Security Tools"](https://sysdig.com/blog/33-kubernetes-security-tools/).
+- date: 2019-06-08
+ text: |
+ We demonstrated how reproducible builds can be verified on "apt install" using in-toto at [MiniDebConf Hamburg](https://wiki.debian.org/DebianEvents/de/2019/MiniDebConfHamburg). You can [watch it online](https://gemmei.ftp.acc.umu.se/Public/debian-meetings/2019/miniconf-hamburg/in-toto.webm).
+- date: 2019-06-03
+ text: |
+ Datadog has deployed TUF and in-toto into their pipeline! Read more [here](https://www.datadoghq.com/blog/engineering/secure-publication-of-datadog-agent-integrations-with-tuf-and-in-toto).
+- date: 2019-06-01
+ text: |
+ Our paper "in-toto: providing farm-to-table security properties for bits and bytes" was accepted into USENIX '19. More information [here](https://www.usenix.org/conference/usenixsecurity19/presentation/torres-arias).
+- date: 2019-02-13
+ text: |
+ We've worked alongside with Control Plane to make a test deployment of [Kubesec](https://kubesec.io/) using in-toto.
+- date: 2019-01-07
+ text: |
+ We released the first version of the [official in-toto Jenkins plugin](https://plugins.jenkins.io/in-toto). This provenance Agent will help you track and sign link metadata for any step within your pipeline in a secure and distributed way.
+- date: 2018-10-19
+ text: |
+ [Colin Domoney gave a talk on this year's DevSecCon London](https://www.devseccon.com/london-2018/session/supply-chain-achilles-heel/). He covered some of the fundamentals of in-toto to protect your cloud native deployment, as well as some other good supply-chain security practices.
+- date: 2018-05-29
+ text: |
+ [Pacman 5.1 has been released](http://allanmcrae.com/2018/05/pacman-5-1-dont-use-the-force-luke/)! This new version adds support for reproducible builds, and includes a security check for tampered [git tag metadata](https://lists.archlinux.org/pipermail/pacman-dev/2017-September/022123.html).
+- date: 2018-05-17
+ text: |
+ A [LWN](https://lwn.net/Articles/754443/) article has been published, covering various supply chain security issues and their solutions, including grafeas, the update framework, and in-toto.
+- date: 2018-05-02
+ text: |
+ We presented in-toto along with Grafeas at [Kubecon 2018](https://kccnceu18.sched.com/event/Dqtx/completely-securing-the-software-supply-chain-using-grafeas-in-toto-lukas-puehringer-nyu-wendy-dembowski-google-any-skill-level-slides-attached?iframe=yes&w=100%&sidebar=yes&bg=no#).
+- date: 2018-04-12
+ text: |
+ Grafeas mentioned in-toto integration plans on the [Google Cloud platform blog](https://cloudplatform.googleblog.com/2018/04/exploring-container-security-digging-into-Grafeas-container-image-metadata.html).
+- date: 2018-03-03
+ text: |
+ Our le-git-imate paper on improving the security of web-based Git repositories has been accepted at [ASIACCS 2018](http://asiaccs2018.org/?page_id=632)!
+- date: 2019-02-20
+ text: |
+ We will present an integration of in-toto and [Grafeas](https://grafeas.io) at [KubeCon + CloudNativeCon Europe 2018](https://kccnceu18.sched.com/event/Dqtx/completely) on May 2 in Copenhagen, Denmark.
+- date: 2017-10-17
+ text: |
+ A fix to our git tag metadata tampering attack paper ([USENIX '16](https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/torres-arias)) has been included in the master branch of the pacman package manager and will be included in the next [release](https://git.archlinux.org/pacman.git/commit/?id=39319c1860d200a9b4a3cc2c6975e3cece502f2d).
+- date: 2017-08-10
+ text: |
+ Lukas presented in-toto at Debian's [Debconf 2017](https://debconf17.debconf.org/). You can watch the video of the talk [here](https://debconf17.debconf.org/talks/100/).
+- date: 2017-02-06
+ text: |
+ We presented a demo of in-toto at [Dockercon 2017](https://2017.dockercon.com). You can watch the video [here](https://www.youtube.com/watch?v=SNge7-t4JRE&index=34&list=PLkA60AVN3hh_nihZ1mh6cO3n-uMdF7UlV).
+- date: 2017-01-17
+ text: |
+ A fix to our git tag metadata tampering vulnerability was merged into git's master branch and will be available starting from [git v2.12](https://public-inbox.org/git/20170117233723.23897-1-santiago@nyu.edu/). You can read more about it in our [USENIX '16](https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/torres-arias) paper.
+- date: 2016-10-14
+ text: |
+ We presented a demo of in-toto in the [Docker Distributed System Summit](https://blog.docker.com/2016/10/docker-distributed-system-summit-videos-podcast-episodes/). You can watch the video [here](https://youtu.be/Aryr0O6H_2U?t=25m58s).
+- date: 2016-10-07
+ text: |
+ We are live! please check back soon for more updates.
diff --git a/hugo.yaml b/hugo.yaml
index 9a338d1..1525fc1 100644
--- a/hugo.yaml
+++ b/hugo.yaml
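Review bot: The `2019-02-20` entry near the end of the hunk breaks the file's otherwise reverse-chronological order (it sits between 2018-03-03 and 2017-10-17) and announces a talk "on May 2" at KubeCon Europe 2018, so the year looks like a typo for `- date: 2018-02-20`. The news.html shortcode added later in this commit appears to `range` the data in file order without sorting, so the misplaced entry would render exactly where it is in the file. The 2021-02-02 entry reads `published an article SolarWinds about [in-toto in ProPublica]`, which seems to have words dropped or transposed. Two links (allanmcrae.com and asiaccs2018.org) are plain `http://`; worth checking whether https versions exist before a supply-chain-security site links to them.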
@@ -19,14 +19,6 @@ imaging: quality: 75 anchor: smart -menu: - main: - - name: in-toto website - weight: 40 - url: https://in-toto.io - post: - languages: en: languageName: English @@ -49,7 +41,7 @@ params: authors: >- in-toto Authors | Documentation Distributed under CC-BY-4.0[CC BY 4.0](https://creativecommons.org/licenses/by/4.0) - from_year: 2018 + from_year: 2020 version: 0.10.0 url_latest_version: https://in-toto.io/docs/ github_repo: https://github.com/in-toto/in-toto.io diff --git a/layouts/shortcodes/news.html b/layouts/shortcodes/news.html new file mode 100644 index 0000000..4397a24 --- /dev/null +++ b/layouts/shortcodes/news.html @@ -0,0 +1,41 @@ +{{ $news := site.Data.news }} + +
+ {{ range $news }} + {{ $date := dateFormat "January 2, 2006" .date }} +
+
+ + {{ $date }} + +
+ +
+ {{ .text | markdownify }} +
+
+ {{ end }} +