Leadership to present on software supply chain security and Cyber Resilience Act compliance

KubeCon CloudNativeCon EU - Kusari, a software supply chain security startup, today announced the introduction of a new book, Securing the Software Supply Chain, and the company's participation in multiple speaking engagements at KubeCon CloudNativeCon Europe 2025 in London from April 1-4, 2025. The team will showcase Kusari Platform innovations and open source initiatives at Stand S482. Kusari is also co-hosting DevSecOnTheRocks, a premier networking event for the cloud native security community.

New Book by DevSecOps Community Experts

In writing Securing the Software Supply Chain, authors Michael Lieberman of Kusari and Brandon Lum of Google set out to help organizations enhance the way they secure their software development. This book is a comprehensive and essential resource that provides in-depth strategies and explanations for securing all aspects of the software supply chain, from upstream open source libraries to developer workstations and everything in between. Readers will learn how to analyze their current supply chain and make improvements with policies, automation, and monitoring. It is available now as a free eBook download on Kusari's website.

Commitment to Open Source

Kusari's technical experts welcome KubeCon EU participants to explore next-generation approaches to software supply chain security, centered around GUAC (Graph for Understanding Artifact Composition), OpenSSF's new Open Source Project Security Baseline, and CNCF's Security Technical Advisory Group Software Supply Chain Best Practices v2 white paper. Kusari team members are maintainers and contributors on these projects. With targeted attacks on development pipelines and new compliance regulations such as the EU's Cyber Resilience Act (CRA), it underscores the importance of securing software supply chains.

"As supply chain attacks continue to threaten organizations worldwide, Kusari is committed to delivering solutions that provide unprecedented transparency and security across the software development lifecycle," said Michael Lieberman, CTO Co-Founder of Kusari. "KubeCon EU offers an invaluable opportunity to connect with the cloud native community and share our expertise in building more secure software ecosystems."

Kusari Speaker Presentations

"Mind the Gap: Bridging Supply Chain Policy with Git-less GitOps and GUAC" Date/Time: Thursday, April 3 at 2:15 PM Speakers: Michael Lieberman (Kusari) and Andrew Martin (ControlPlane)

KEYNOTE: "Cutting Through the Fog: Clarifying CRA Compliance in Cloud Native" Date/Time: Friday, April 4 at 9:40 AM Speakers: Michael Lieberman (Kusari) and Eddie Knight (Sonatype)

"Why Don't We Have Both? Track Build- and Run-time Information for Security with Kubescape and GUAC" Date/Time: Friday, April 4 at 3:15 PM Speakers: Jeff Mendoza (Kusari) and Ben Hirschberg (ARMO)



DevSecOnTheRocks Community Party

Tuesday, April 1 at 6:00 PM at Good Hotel Royal Victoria Dock

Co-hosted by Kusari, ControlPlane, Cloudsmith, and Spacelift

Food, drinks, and networking with the cloud native security community

RSVP required

Attendees interested in learning more about Kusari's participation at KubeCon EU can visit https://www.kusari.dev/kubecon-eu for complete details.

About Kusari

Kusari was founded by three cybersecurity experts on a mission to bring transparency and security to the software supply chain. Backed by J2 Ventures, Glasswing Ventures, and Unusual Ventures, Kusari seeks to help organizations identify and quickly remediate supply chain vulnerabilities while powering secure development practices. The Kusari Platform provides a unified view of software supply chain risks, enabling organizations to pinpoint dependencies, prioritize vulnerabilities, and ensure compliance through actionable insights and automation. Kusari is an advocate of open source security as a creator and maintainer of GUAC, and holds positions of influence in the open source software security community.

