The Kusari Edge

April 2025
ICYMI: Noteworthy Headlines 🗞️
- AI-powered coding tools are inadvertently suggesting non-existent packages, leading to a new attack vector known as "slopsquatting"
- A recent UK government report underscores the need for stronger best practices in managing open-source software and supply chain risks
- The Chinese state-linked hacking group, Brass Typhoon (APT 41), evolves its tactics
Latest from Kusari

- AI models are software too — and they come with dependencies; apply security principles to machine learning artifacts
- Walk through our Platform Views features to see how we provide actionable insights into dependency risk, artifact provenance, and more
- Read our four-part blog series on practical SBOM creation; this post demystifies the “why” behind SBOMs and how to get started
Upcoming Events 📣
- Thursday, April 24, 11am Pacific / 2pm Eastern | Register to hear from an expert panel about How to Use Open Source Project Security Baseline — a lightweight framework to help maintainers and contributors improve the security posture of their projects
What’s up with GUAC? 🥑
- See how GUAC integrates with Kubescape to surface rich, contextual insights across your Kubernetes environment
- Miss what happened last month? Read the latest GUAC Update
- The Update Framework (TUF) ensures secure delivery of open source updates across ecosystems; learn why it’s a powerful complement to GUAC
Resource of the Month ⚒️
- Kusari released a 200-page eBook, Securing the Software Supply Chain; download it for free and dive into secure modern software development
- The Open Source Funding Toolkit is a practical, spreadsheet-based resource to help organizations track, justify, and optimize their financial support for open source