The Kusari Edge

May 2025
ICYMI: Noteworthy Headlines 🗞️
- AI hallucinations spell trouble for software supply chains
- Cyber experts weigh in on UK retail cyberattack; disruption continues
- Malware finds another backdoor; hundreds of e-comm sites hacked
Latest from Kusari

- The hidden risk that makes up the invisible majority of your applications - understanding and managing transitive dependencies
- Hear us on the Open at Intel podcast: Demystifying cyber resilience and the tools that help
- We think code is more important than identity when it comes to security
- Begin with the end(point) in mind; endpoint security is supply chain security
- Michael Lieberman had some useful observations from VulnCon 2025; read his conference recap
Upcoming Events 📣
- We’re speaking about securing open source software; come see us:
  - June 4 at Kubernetes Community Day in NYC:
    - Raising the Bar on Open Source Security with the Security Baseline | Michael Lieberman & Stephen Augustus, Bloomberg
  - June 26 at OpenSSF Community Day in Denver:
    - The Open Source SDLC Control Plane: Building the Supply Chain Security Sandwich | Michael Lieberman & Eman Abu Ishgair, Purdue
    - Enhancing Supply Chain Security: Integrating Zarf and GUAC for Seamless SBOM Generation and Delivery | Brandt Keller, Defense Unicorns
What’s up with GUAC? 🥑
- Miss what happened last month? Read the latest GUAC Update
- Faster testing is better security; PyPI’s test suite is now 81% faster
- Applications for the OpenSSF Mentorship Program are open through May 18
Resource of the Month ⚒️
- The Security Insights Specification gives project maintainers an easy way to communicate important security information in a machine-readable format