The Kusari Edge

December 2025
ICYMI: Noteworthy Headlines 🗞️
- MITRE released the 2025 CWE Top 25, spotlighting the most dangerous software weakness categories underlying tens of thousands of vulnerabilities
- Cybersecurity executives outline the top strategic priorities and emerging threat domains that will dominate CISO agendas next year
- Upgrade React - there's a critical remote code execution flaw
- Connect the dots between slopsquatting and dependency confusion—attack classes that expose cracks in how modern package managers and developer workflows handle trust
Latest from Kusari

- Scrutiny will intensify in 2026: build real software supply-chain resilience by understanding every step of your pipeline, says Kusari CEO Tim Miller
- As climate-related financial risks surge, experts spoke with Forbes about building secure-by-design financial systems
- Coding over the holiday break? Try the Kusari Pull Request Scanner - a free tool to check for errors and dependency issues and test out Kusari Inspector
- Leaders sounded off about the reliance on community-built software; do you actively support the open source economy? We do!
- Build your brain with Securing the Software Supply Chain - the comprehensive, 200+ page eBook from experts Michael Lieberman of Kusari and Brandon Lum of Google
Upcoming Events 📣
- January 27 | Kusari Webinar | Vulnerability Risk: Gone in 30 Days
What’s up with GUAC? 🥑
- A sharp reminder that open source isn’t a free beer—it’s a puppy you commit to caring for with every dependency you adopt
- GitHub Actions needs a true package manager; here’s why and what it would unlock for teams trying to build securely at scale
- When a new vulnerability drops, GUAC helps answer your first question: Is this in my supply chain?
- Have you seen the OpenSSF 2025 Annual Report? Get the details
Resource of the Month ⚒️
- Getting ready for the Cyber Resilience Act? The EU has published a fact sheet for CRA implementation
