Our blog

Stay up to date on our perspectives

Filter by

Clear all
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

GUAC blog

Announcing GUAC v0.8.0: License Data Integration, Immediate Vuln Scans, and Streamlined Node Deletion

GUAC v0.8.0 is now available. This release brings support for license information, running vuln scans upon SBOM ingestion, node deletion, and many other improvements.

July 25, 2024
Parth Patel

GUAC blog

Achieving Wisdom with GUAC Visualizer

It's not enough to just have the data, you need to be able to see it.

July 23, 2024
Ben Cotton

Meeting Federal Software Supply Chain Mandates

Only two months left until the Secure Software Development Attestation Form deadline

July 11, 2024
Parth Patel

To Fork or Not to Fork

How you handle your dependencies will change how you secure your software supply chain

June 27, 2024
Ben Cotton

Kusari Signs the Secure by Design Pledge

The Secure By Design Pledge is a great starting point, but it can’t be the end.

June 12, 2024
Tim Miller

Counting CVEs Was Never Enough

CVE IDs don't tell you much, but somehow we started using them as a proxy for security

June 6, 2024
Ben Cotton

GUAC blog

Another Turn of the Page: GUAC v0.7.0 Released

Improving performance with pagination and more

June 4, 2024
Parth Patel

GUAC blog

Graph for Understanding Artifact Composition (GUAC) adds persistent storage in v0.6.0 release

Open source supply chain observability tool standardizes on PostgreSQL

May 6, 2024
Jeff Mendoza
Dejan Bosanac

Proactive Security in the Post-Log4j Era

Gone are the days when signing containers and running vulnerability scans through CI processes provided a sense of security.

April 23, 2024
Tim Miller

XZ Backdoor: Software Security Lessons

The recent incident involving the XZ backdoor brings to light the critical importance of vigilance and proactive security measures, while not losing sight of the human element.

April 5, 2024
Michael Lieberman

Unveiling GUAC as an OpenSSF Incubating Project for Software Dependency Management

Today, we find ourselves in a moment akin to proud parents, as we witness a significant milestone in the journey of Graph for Understanding Artifact Composition (GUAC).

March 7, 2024
Parth Patel
Michael Lieberman

GUAC blog

Graph for Understanding Artifact Composition (GUAC) Joins OpenSSF as Incubating Project

The GUAC maintainers are pleased to announce the project has joined the Open Source Security Foundation (OpenSSF) as an Incubating Project.

March 7, 2024
Michael Lieberman
Brandon Lum

From Open Source Community to Joining a Start-up – while in High School

Nathan Naveen, a 17-year-old high schooler, shares his journey to becoming an intern at Kusari

February 8, 2024
Nathan Naveen

Kusari Soaks up Community at FOSDEM and Beyond

Kusari speaking at FOSDEM and other EU community venues

January 26, 2024
Jeff Mendoza

Our $8M Funding Round Fuels our Mission to Make the Software Supply Chain Transparent and Secure

Kusari raises seed funding

January 18, 2024
Tim Miller

Contributor to Leader: Securing Open Source Software at OpenSSF

Kusari elected to OpenSSF leadership roles

January 16, 2024
Michael Lieberman

What the NSA Missed in its SBOM Management Recommendations

The missing first step that most organizations are still struggling with

December 22, 2023
Parth Patel

GUAC blog

Spooky Enhancements: Unveiling GUAC's OpenVEX Feature

GUAC's OpenVEX Integration

October 31, 2023
Nathan Naveen

GUAC blog

Terror of cURL - Preparation is Half the Battle

CVE-2023-38545 - HIGH Severity Vulnerability

October 16, 2023
Parth Patel

Announcing the Kusari YouTube Channel and GUACademy

Kusari have just launched a YouTube Channel!

August 23, 2023
Jeff Mendoza

GUAC blog

Case Study: A discussion with Guidewire on GUAC

A look into Guidewire's software supply chain security use case and why they are using GUAC

August 2, 2023
Michael Lieberman

GUAC blog

Announcing Helm Chart for GUAC

Helm Chart for GUAC

July 12, 2023
Tim Miller

daBOM Podcast with Tim & DJ

Tim appeared as a guest on the daBOM podcast.

July 5, 2023
Tim Miller

GUAC blog

Quest to determine the 'G' in GUAC

Working towards determining a persistent database for GUAC

June 27, 2023
Parth Patel

GUAC blog

GUAC v0.1 Beta Release

Kusari is excited to announce the v0.1 beta release of GUAC — Graph for Understanding Artifact Composition.

May 23, 2023
Tim Miller

Kusari Open-Sources Spector

We’re excited to announce the open-sourcing of Spector.

April 26, 2023
Michael Lieberman

Figure Out Who's Lurking in Your Supply Chain With Signatures and Attestations

A Story of Software and Cats

April 4, 2023
Michael Lieberman

Applying Zero Trust to the Software Supply Chain

Understanding Zero Trust and Its Benefits

March 28, 2023
Michael Lieberman

Kusari's Software Supply Chain Security Overview

What is Software Supply Chain security, and why should I care?

March 14, 2023
Michael Lieberman

The Next Heartbleed?

Heartbleed (CVE-2014-0160) in 2014 left the industry in a scramble...

October 31, 2022
Parth Patel

Kusari presenting at KubeCon and Cloud Native SecurityCon NA 2022

KubeCon + CloudNativeCon is right around the corner and we are excited to be attending in person!

October 21, 2022
Parth Patel

A High Fidelity View of Software Supply Chain

Understanding and maintaining your software supply chain can be a task that needs 24/7 vigilance.

October 20, 2022
Michael Lieberman

Government Memo for Enhancing the Security of the Software Supply Chain

Executive Order (EO) 14028, Improving the Nation’s Cybersecurity was released last year in May.

September 19, 2022
Parth Patel

Not Just Third Party Risk

There’s a misconception in Cybersecurity among some that Software Supply Chain Security is just Third Party Risk Mana...

July 20, 2022
Michael Lieberman

GUAC blog

SPIFFE/SPIRE CSI Driver

Overview of the SPIFFE/SPIRE CSI Driver

June 27, 2022
Parth Patel

Open Source Summit 2022

Takeaways & Learnings

June 23, 2022
Tim Miller