Stay up to date on our perspectives
GUAC blog
GUAC v0.8.0 is now available. This release brings support for license information, running vuln scans upon SBOM ingestion, node deletion, and many other improvements.
It's not enough to just have the data, you need to be able to see it.
Kusari blog
Only two months left until the Secure Software Development Attestation Form deadline
How you handle your dependencies will change how you secure your software supply chain
The Secure By Design Pledge is a great starting point, but it can’t be the end.
CVE IDs don't tell you much, but somehow we started using them as a proxy for security
Improving performance with pagination and more
Open source supply chain observability tool standardizes on PostgreSQL
Gone are the days when signing containers and running vulnerability scans through CI processes provided a sense of security.
The recent incident involving the XZ backdoor brings to light the critical importance of vigilance and proactive security measures, while not losing sight of the human element.
Today, we find ourselves in a moment akin to proud parents, as we witness a significant milestone in the journey of Graph for Understanding Artifact Composition (GUAC).
The GUAC maintainers are pleased to announce the project has joined the Open Source Security Foundation (OpenSSF) as an Incubating Project.
Nathan Naveen, a 17-year-old high schooler, shares his journey to becoming an intern at Kusari
Kusari speaking at FOSDEM and other EU community venues
Kusari raises seed funding
Kusari elected to OpenSSF leadership roles
The missing first step that most organizations are still struggling with
GUAC's OpenVEX Integration
CVE-2023-38545 - HIGH Severity Vulnerability
Kusari has just launched a YouTube Channel!
A look into Guidewire's software supply chain security use case and why they are using GUAC
Helm Chart for GUAC
Tim appeared as a guest on the daBOM podcast.
Working towards determining a persistent database for GUAC
Kusari is excited to announce the v0.1 beta release of GUAC — Graph for Understanding Artifact Composition.
We’re excited to announce the open-sourcing of Spector.
A Story of Software and Cats
Understanding Zero Trust and Its Benefits
What is Software Supply Chain security, and why should I care?
Heartbleed (CVE-2014-0160) in 2014 left the industry in a scramble...
KubeCon + CloudNativeCon is right around the corner and we are excited to be attending in person!
Understanding and maintaining your software supply chain can be a task that needs 24/7 vigilance.
Executive Order (EO) 14028, Improving the Nation’s Cybersecurity, was released last year in May.
There’s a misconception in Cybersecurity among some that Software Supply Chain Security is just Third Party Risk Mana...
Overview of the SPIFFE/SPIRE CSI Driver
Takeaways & Learnings