The Kusari Edge

August 2025
ICYMI: Noteworthy Headlines 🗞️
- The White House unveils its AI Action Plan; check out Kusari CEO Tim Miller’s take on what it means for secure, trustworthy AI
- Python Package Index (PyPI) boosts security by checking for expired email domains, after several malicious packages were found earlier this year
- Gemini CLI flaw let hackers slip malicious code into README files
- Buried under too many GitHub notification emails? New headers make it easier to filter your mail
Latest from Kusari

- Secure open source dependencies and stay ahead of new regulations
- Kusari tackles the biggest challenges in cloud-native security, as outlined by The New Stack
- Most Gen AI pilots are failing, according to MIT; why build your own AI security tool when Kusari Inspector code security analysis is fast, reliable, and free to try right now?
Upcoming Events 📣
- August 25-27 | Open Source Summit in Amsterdam
  - Prepare for the CRA Expert Panel | Michael Lieberman, Amanda Brock, OpenUK, Eddie Knight, Sonatype & Andy Martin, ControlPlane
- August 28 | OpenSSF Community Day in Amsterdam
  - Keynote: Improving Security Data with ORBIT | Ben Cotton & Eddie Knight, Sonatype
  - GUAC & Trustify: Building a Common Supply Chain Knowledge Graph | Ben Cotton & Dejan Bosanac, Red Hat
- September 10 | Kusari Livestream - Vulnerabilities: Gone in 30 Days
What’s up with GUAC? 🥑
- GUAC Visualizer v0.6.0 is now available; check out the improvements and our testing of GitHub's Immutable Releases feature (currently in private preview).
- The GUAC community recently assessed itself against the Open Source Project Security Baseline. The result? Validation in an hour!
- Get involved in OpenSSF working groups - we’re partial to the Supply Chain Integrity working group - join the mailing list and the next meeting: August 27 at 9am Pacific → https://lists.openssf.org/g/openssf-supply-chain-integrity
Resource of the Month ⚒️
- Opengrep provides static analysis to catch security issues in 30+ programming languages