New DevSecOps solution stores, augments and tracks SBOM data, plus builds a timeline view of what’s happening with each software component for greater security and compliance
Kusari, a software supply chain security startup, announced the release of the Kusari Platform. By ingesting Software Bill of Materials (SBOM) data – a list of all software components – the platform presents a timeline of the software to identify where impacts are likely to surface. In creating a single source of truth, Kusari is helping security, engineering, legal, finance, and regulatory teams gain visibility into their software, so they can quickly detect vulnerabilities, identify open source licensing issues, and conduct compliance checks.
“Kusari takes a proactive approach to security, focusing on understanding the software development lifecycle and correlating data to identify and address issues before they have an impact,” said Tim Miller, CEO & Co-Founder of Kusari. “While companies are currently focused on scanning for issues after the build or simply storing their SBOMs, our platform helps them augment, track, correlate, distill, and use that data to see exactly what is happening and make decisions across their software ecosystem.”
Software teams today work in many different environments, so it is difficult to aggregate all of the disparate information sources. Parsing through software data can take days, if not months, and often results in inaccurate analysis. Due to this complexity, most organizations ignore their software data, which can lead to major negative consequences: licensing lawsuits and vulnerability compromises can result in the loss of intellectual property and huge financial losses. In fact, the global average cost of a data breach reached $4.88M in 2024, a 10% increase over last year and the highest total ever.
Kusari designed the Kusari Platform to handle large amounts of SBOMs and other software metadata efficiently, with the ability to ingest years’ worth of information in a matter of minutes. The product aims to reduce the need for multiple security tools by providing a comprehensive solution for managing software components and vulnerabilities.
Kusari helps organizations gain visibility into the following areas:
- Vulnerabilities: With Kusari’s timeline view, security teams can trace the path each vulnerability has taken through their software, so remediated vulnerabilities don’t get lost as new ones arise. Kusari also helps them know in minutes, rather than weeks or months, whether they are affected by a breach and to what degree, so they can quickly move to a plan for the fix. Out of the box, the platform ranks and prioritizes issues, giving security teams context for decision making.
- Licensing: Every piece of open source software has unique licensing requirements. By tracking licensing information and integrating with ClearlyDefined, part of the Open Source Initiative, Kusari provides accurate information on open-source licensing, helping organizations understand the legal implications of the software they use.
- Compliance: Companies face new regulations requiring them to have SBOMs for their software, such as CISA’s Secure Software Development Attestation Form, Executive Order 14028, the Food and Drug Administration’s updated provisions for medical device cybersecurity, and the Cyber Resilience Act. As more regulations arise, Kusari helps organizations prove that they understand what is happening in their software and that they are meeting regulatory requirements.
The Kusari Platform builds upon the open source project Graph for Understanding Artifact Composition (GUAC), which Kusari co-created and contributed to the OpenSSF. GUAC provides the ability to ingest software metadata such as SBOMs, and Kusari adds insights in easy-to-use dashboards that show when vulnerabilities, license information, and version changes occurred, providing better visibility and actionable insights. Kusari remains committed to the GUAC community as an active maintainer and supports adoption by organizations such as Adobe, Bloomberg, Google, Guidewire, Microsoft, Red Hat, Yahoo!, and others.