Kusari Blog

From open source community to joining a start-up – while in high school

Nathan Naveen, a 17-year-old high schooler, shares his journey to becoming an intern at Kusari

Nathan Naveen

February 8, 2024

Nathan Naveen, a 17-year-old high schooler, shares his journey and experiences as a community contributor and becoming an intern at Kusari.


How did I get this opportunity?

I want to start with a quick mention, getting an opportunity like this isn't easy, but with a lot of persistence and effort, anyone can do this.

I’m in high school and have an affinity and passion for solving problems. My road to working on the open-source tool GUAC - Graph for Understanding Artifact Composition, and then Kusari, began with a desire to improve my skills. 

I spent countless hours on LeetCode, a platform for practicing algorithmic problems, where I have solved over 1000 problems. My parents helped me hone my fundamentals with rigorous practice, preparing me to start contributing to open-source projects on GitHub. Doing this allowed me to apply the algorithmic skills I had acquired to real-world projects.

One of the projects I contributed to was guacsec/guac, an open-source supply chain security tool that Kusari co-developed. My contributions to this project improved my coding skills and gave me a deeper understanding of open-source security.

After spending time in the community contributing to GUAC, I reached out to one of the top maintainers and co-founder of Kusari, Parth Patel, expressing my interest in an internship. Recognizing the effort I had put in, I was offered an opportunity at Kusari.

Key contributions to GUAC


A couple of my most impactful contributions to GUAC are implementing OpenVEX and a Restful API.

Implementing OpenVEX

One of the first tasks I was assigned was implementing OpenVEX, a standard for sharing information about vulnerabilities and exploits. 

This was a challenging task. I didn't know how to approach it at first, but with the guidance of my team, I was able to understand the intricacies of OpenVEX and successfully implement it (1, 2). Since this was one of my first tasks and experiences implementing a feature, the team first educated me about OpenVEX, what it was, and why it mattered so I had the full context.

The project taught me how to properly implement my algorithmic knowledge while creating a good design.

Enhancing Skills: Implementing REST API

One of the most significant tasks I undertook recently was implementing a REST API (https://github.com/guacsec/guac/pull/1452). This was a crucial project as REST APIs form the backbone of many modern web services. I learned about the principles of REST, how to design and implement APIs, and how they facilitate communication between different parts of a software system. 

This was important to me because I didn't know what a RESTful API was before. It's one of many examples of a completely new area I encountered and learned about.

The team at Kusari was instrumental in guiding me through this process, providing valuable insights and feedback that helped me complete the task.  

Learning and growing with Kusari

Throughout my time at Kusari, the team has been incredibly supportive. They not only guided me through complex tasks, but also encouraged me to learn and grow. I recently had a successful call for paper submission and gave a Lightning Talk at SupplyChainSecurityCon last July and blogged about it too. 

At Kusari, they foster an environment where questions are welcomed, and learning is continuous. In conclusion, my internship at Kusari has been extremely rewarding. I am grateful to the Kusari team for their guidance and support. I have gained invaluable knowledge and experience. Watch my progress as I continue learning and contributing to the field of supply chain security! 

Want to have a conversation about your software supply chain?

We’d love to hear from you.  Get in touch and we'll get back to you.

Say Hello
By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.