Unveiling GUAC as an OpenSSF Incubating Project for Software Dependency Management

Takeaways & Learnings

Overview of the SPIFFE/SPIRE CSI Driver

There’s a misconception in Cybersecurity among some that Software Supply Chain Security is just Third Party Risk Mana...

Executive Order (EO) 14028, Improving the Nation’s Cybersecurity was released last year in May.

Understanding and maintaining your software supply chain can be a task that needs 24/7 vigilance.

KubeCon + CloudNativeCon is right around the corner and we are excited to be attending in person!

Heartbleed (CVE-2014-0160) in 2014 left the industry in a scramble...

What is Software Supply Chain security, and why should I care?

Understanding Zero Trust and Its Benefits

A Story of Software and Cats

We’re excited to announce the open-sourcing of Spector.

Kusari is excited to announce the v0.1 beta release of GUAC — Graph for Understanding Artifact Composition.

Working towards determining a persistent database for GUAC

Tim appeared as a guest on the daBOM podcast.

Helm Chart for GUAC

A look into Guidewire's software supply chain security use case and why they are using GUAC

Kusari have just launched a YouTube Channel!

CVE-2023-38545 - HIGH Severity Vulnerability

GUAC's OpenVEX Integration

The missing first step that most organizations are still struggling with

Kusari elected to OpenSSF leadership roles

Kusari raises seed funding

Kusari speaking at FOSDEM and other EU community venues

Nathan Naveen, a 17-year-old high schooler, shares his journey to becoming an intern at Kusari

The GUAC maintainers are pleased to announce the project has joined the Open Source Security Foundation (OpenSSF) as an Incubating Project.

The recent incident involving the XZ backdoor brings to light the critical importance of vigilance and proactive security measures, while not losing sight of the human element.

Gone are the days when signing containers and running vulnerability scans through CI processes provided a sense of security.

Open source supply chain observability tool standardizes on PostgreSQL

Improving performance with pagination and more

CVE IDs don't tell you much, but somehow we started using them as a proxy for security

The Secure By Design Pledge is a great starting point, but it can’t be the end.

How you handle your dependencies will change how you secure your software supply chain

Only two months left until the Secure Software Development Attestation Form deadline

It's not enough to just have the data, you need to be able to see it.

GUAC v0.8.0 brings support for license information, running vuln scans upon SBOM ingestion, node deletion, and many other improvements.

Actionable insights come from SBOMs plus additional information

Practical ways to protect against AI software attacks

v0.8.0 features new integration with ClearlyDefined

The White House commits $11 million to enhance our collective understanding of the challenges surrounding open source software.

Organizations often struggle to identify vulnerabilities and risks hidden within the layers of dependencies. Address it by using a holistic approach to software security.

Navigating modern software development is a complex challenge. Kusari’s aim is to make it easier.

Secure development starts with developers: bring forth the code masters

Addressing Common Vulnerabilities and Exposures (CVEs) is no longer optional—aiming to eliminate them is a critical priority for securing modern systems.

Amid the flurry of innovation and collaboration at last week's KubeCon North America, a critical theme emerged: the precarious state of open source security.

Open source software powers 96% of modern applications, but it comes with challenges. Companies can secure their supply chains by actively participating in the open source projects they rely on.

Rust is promising for addressing memory safety issues. Improving existing C/C++ toolchains will take time, but these steps help set a realistic path forward.

What are you defending against? From upstream dependencies to code repositories, threat modeling ensures you're prepared to mitigate risks, reduce vulnerabilities, and avoid costly compromises.

Software supply chain security is like a stack of turtles—each layer depends on the integrity of the one below it. Continuous vigilance is key to maintaining security all the way down.