Kusari is building a supply chain security platform on top of open source

The software supply chain, which consists of the components, libraries, and processes that companies use to develop and release software, is under threat.

According to a recent review, 88% of companies believe that software supply chain security poses an «enterprise-wide risk» to their organizations, while nearly two-thirds (65%) believe that their organizations’ software supply chain security program is not as mature as it should be. A separate poll found that the average number of supply chain breaches increased to about four incidents per company in 2023, up from about three incidents in 2022 — a 25% increase.

Now you might point out – and not wrongly – that there are a number of suppliers large and small that are addressing the challenge of supply chain security. And you wouldn’t be wrong. But the new entrant, Kusari, thinks it can do better with a team that comes from the financial services and defense industries.

It seems that investors are ready to invest money. This month, Kusari — whose namesake is a Japanese feudal weapon kusari-fundo — has raised $8 million in pre-seed and seed funding rounds with participation from J2 Ventures, Glasswing Ventures and Unusual Ventures. The money will go toward building Kusari’s software-as-a-service (SaaS) platform, co-founder and CEO Tim Miller said, and growing the startup’s team from eight people to about 15.

«There’s a real lack of education around software supply chain management and the tools, specifications and standards within that space,» Miller told TechCrunch in an email interview. «The Kusari platform acts like a GPS for navigating supply chain issues, helping CIOs understand the software risks they face — and helping DevOps people easily and automatically fix those issues.»

In 2022, Miller co-founded Kusari with Michael Lieberman and Partha Patel. Prior to Kusari, Miller was director of engineering at Citi, where he met Lieberman, while Patel was a senior cybersecurity systems engineer at Raytheon.

Miller says he, Lieberman and Patel were driven to start Kusari by a common problem: knowing what software and dependencies a given application or system is using at a given time.

«Being in the dark causes a lot of problems, like being slow to respond to security breaches, knowing if there are licensing or compliance issues, and even basic maintenance like ‘Who do I contact if this breaks?’» Miller said. «We founded Kusari to bring transparency and security to software supply chains by making it easier to reason about what’s in an organization’s software—and show you what to do about it.»

To that end, Kusari uses the open source project Guac — contributed by Miller, Lieberman and Patel — to find the most commonly used components in the software supply chain and identify exposures to risky dependencies. Kusari — powered by Guac — can also determine ownership of applications in an organization, ensure applications meet organizational policies, and determine changes between different software versions.

In terms of remediation, Guac — and Kusari by extension — can determine the «blast radius» of a bad package or vulnerability and provide a plan to patch them. It can also trace the point of origin of exploits, pinpointing when – and where – they were introduced.

Miller sees Legit Security, Ox Security and Snyk as Kusari’s most formidable competitors. But he emphasizes Kusari’s approach to open source, which he believes is unique.

«We have an open source plus SaaS business model,» he said. «Our initial strategy was to bring access validation through an open source product; our SaaS product will be released later this year. We believe we can significantly reduce the cost of addressing software vulnerabilities while increasing confidence in it, enabling technology decision makers to understand the health of their software supply chain and quickly identify if there are any outstanding risks.»

Future capabilities in the works include a ChatGPT-like chatbot that will allow users to «talk» to Guac (via Kusari) to review and better manage an organization’s supply chain, for example by asking questions like «Which running containers have such-and-such vulnerability?»

Miller says the team is trying to work «lean» for now, focusing on hiring «a handful of experts» who can help Kusari build quickly. The platform hasn’t launched yet — but the startup is planning for general availability later this year.

“As a result of the slowdown, we’re seeing some potential design partners pull back a bit from collaboration as they focus on more critical business initiatives,” Miller added, “but the slowdown hasn’t affected us as much as others. We use the latest and greatest technology built on open source to make building and scaling our platform cost-effective.”
