February 8, 2024
Nathan Naveen, a 17-year-old high schooler, shares his journey and experiences as a community contributor and becoming an intern at Kusari.
I want to start with a quick mention, getting an opportunity like this isn't easy, but with a lot of persistence and effort, anyone can do this.
I’m in high school and have an affinity and passion for solving problems. My road to working on the open-source tool GUAC - Graph for Understanding Artifact Composition, and then Kusari, began with a desire to improve my skills.
I spent countless hours on LeetCode, a platform for practicing algorithmic problems, where I have solved over 1000 problems. My parents helped me hone my fundamentals with rigorous practice, preparing me to start contributing to open-source projects on GitHub. Doing this allowed me to apply the algorithmic skills I had acquired to real-world projects.
One of the projects I contributed to was guacsec/guac, an open-source supply chain security tool that Kusari co-developed. My contributions to this project improved my coding skills and gave me a deeper understanding of open-source security.
After spending time in the community contributing to GUAC, I reached out to one of the top maintainers and co-founder of Kusari, Parth Patel, expressing my interest in an internship. Recognizing the effort I had put in, I was offered an opportunity at Kusari.
A couple of my most impactful contributions to GUAC are implementing OpenVEX and a Restful API.
One of the first tasks I was assigned was implementing OpenVEX, a standard for sharing information about vulnerabilities and exploits.
This was a challenging task. I didn't know how to approach it at first, but with the guidance of my team, I was able to understand the intricacies of OpenVEX and successfully implement it (1, 2). Since this was one of my first tasks and experiences implementing a feature, the team first educated me about OpenVEX, what it was, and why it mattered so I had the full context.
The project taught me how to properly implement my algorithmic knowledge while creating a good design.
One of the most significant tasks I undertook recently was implementing a REST API (https://github.com/guacsec/guac/pull/1452). This was a crucial project as REST APIs form the backbone of many modern web services. I learned about the principles of REST, how to design and implement APIs, and how they facilitate communication between different parts of a software system.
This was important to me because I didn't know what a RESTful API was before. It's one of many examples of a completely new area I encountered and learned about.
The team at Kusari was instrumental in guiding me through this process, providing valuable insights and feedback that helped me complete the task.
Throughout my time at Kusari, the team has been incredibly supportive. They not only guided me through complex tasks, but also encouraged me to learn and grow. I recently had a successful call for paper submission and gave a Lightning Talk at SupplyChainSecurityCon last July and blogged about it too.
At Kusari, they foster an environment where questions are welcomed, and learning is continuous. In conclusion, my internship at Kusari has been extremely rewarding. I am grateful to the Kusari team for their guidance and support. I have gained invaluable knowledge and experience. Watch my progress as I continue learning and contributing to the field of supply chain security!
The latest industry news, interviews, technologies, and resources.
Understanding and maintaining your software supply chain can be a task that needs 24/7 vigilance.