Graph for Understanding Artifact Composition (GUAC)
Aggregates software security metadata into a high fidelity graph database to locate, store, analyze, and correlate software artifact data.
And we feel a responsibility to contribute.
We build open source projects and contribute to them.
We've dedicated our careers to building open source security tools because we believe in helping developers — from individual maintainers and contributors to massive enterprises. That's why we're so active in open source security solutions that work for the whole community.
A minimum definition of security requirements for a project relative to its maturity level.
GitHub App that continuously monitors for adherence to security best practices.
Assess open source projects for security risks through a series of automated checks.
A security framework and checklist of standards and controls to prevent tampering, improve integrity, and secure packages and infrastructure.
A centralized and curated data store for open source software licenses.
We contribute to the definitions, requirements, and government policies for what makes open source secure.
Contributing at the project level is just the start. We extend our expertise to guiding open source standards for the entire community to ensure security is prioritized and accessible for all. That's why we are so involved in the Open Source Security Foundation (OpenSSF) and many others that are hosted by the Linux Foundation.
Responsible for the overall management of the OpenSSF and for guiding the organization in fulfilling its mission.
Develops the overall technical vision and provides oversight of the OpenSSF technical communities.
Helps individuals and organizations assess and improve the security of end-to-end supply chains for open source software.
Facilitates collaboration to exchange and produce knowledge and resources for building security in the cloud native ecosystem. Guides technical strategy, best practices, and standards across the cloud-native ecosystem.
Governing Board & Technical Advisory Council — OpenSSF
TAG Security & Compliance Tech Lead — CNCF
Co-Creator & Lead Maintainer — GUAC
Maintainer — in-toto Attestation, in-toto golang
Maintainer — Open Source Project Security Baseline
OpenSSF Golden Egg Award Winner — 2025
We use and curate all of these open source tools and frameworks in our commercial solutions.
From open source to our own Kusari product: most security products are built in a black box. Not Kusari. We take the best of open source security, add our unique expertise, then package that back to you for the clearest picture of how to fix any vulnerabilities in your code. Now you can get the enterprise features you need, curated from the expertise and unique perspective of leaders in open source security.
We contribute our time, talent, and voice as open source security project maintainers, and through working groups, reference architectures, white papers, and speaking engagements.