Thursday, 25 January 2024, Bengaluru, India
There is a threat to the software supply chain, consisting of the parts, tools, and procedures businesses utilize to create and release software.
(Image Source: https://siliconangle.com/)
A recent poll revealed that 88% of businesses think software supply chain security poses an “enterprise-wide risk” to their company and that the software supply chain security program in place at their companies isn’t as developed as it ought to be (65% of businesses). According to a different survey, the average number of supply chain breaches per organization rose by 25%, from about three occurrences in 2022 to four incidents in 2023.
As you point out, it is true that a variety of companies, both big and small, are addressing the issue of supply chain security. You would also be correct. However, Kusari, a recent addition, believes it can perform better with a team from the defense and financial services sectors.
Investors appear eager to follow through. Named after the Japanese medieval weapon kusari-fundo, Kusari raised $8 million this month through pre-seed and seed fundraising rounds in which J2 Ventures, Glasswing Ventures, and Unusual Ventures participated. According to co-founder and CEO Tim Miller, the funds will be used to expand Kusari’s software-as-a-service (SaaS) platform and increase the number of employees from eight to roughly fifteen.
In 2022, Miller, Parth Patel, and Michael Lieberman co-founded Kusari. While Patel was a senior cybersecurity systems engineer at Raytheon, Miller met Lieberman while serving as an engineering director at Citi before joining Kusari.
Miller claims that understanding which dependencies and software are used by a specific app or system at any one time inspired him, Lieberman, and Patel to develop Kusari.
To achieve this, Kusari uses the open-source Guac project, to which Miller, Lieberman, and Patel contributed, to determine which software supply chain components are most frequently utilized and to pinpoint exposures to potentially dangerous dependencies. Kusari, which Guac powers, can also identify who owns which apps inside an organization, verify that apps adhere to organizational policies, and identify software version changes.
In terms of remediation, Guac and Kusari can ascertain the “blast radius” of a malicious package or vulnerability and offer a strategy for fixing it together. Additionally, it can track the beginning of exploits, determining their introduction’s exact moment and location.
Miller believes that Kusari’s most formidable rivals are Snyk, Ox Security, and Legit Security. However, he highlights Kusari’s open-source methodology, which he considers distinctive.
He declared, “We have an open-source and SaaS business model.” Our initial plan was to use the open-source product to validate the technique; we will release our SaaS solution later this year. Technology decision-makers will be able to assess the state of their software supply chain and promptly identify any risks that remain ignored if we can drastically lower the cost and boost confidence in addressing software vulnerabilities.
Future features under development include a chatbot like ChatGPT that would enable users to “chat” with Guac (via Kusari) to examine and better understand an organization’s supply chain. An example would be asking queries like “Which running containers have such and such vulnerability?”
According to Miller, the group is trying to operate “lean” at the moment, concentrating on bringing on a “handful of experts” who can assist Kusari in expanding swiftly. Although the platform hasn’t launched yet, the startup plans to make it generally available later this year.
Miller continued, “The slowdown hasn’t affected us as much as others, but we are seeing some potential design partners pull back from collaboration as they focus on more critical business initiatives due to the slowdown.” Utilizing cutting-edge technology based on open source, we can expand and scale our platform at a reasonable cost.
(Information Source: Techcrunch.com)
