Mike Lieberman from Kusari joins the OpenSSF podcast to discuss the growing problem of low-quality, AI-generated vulnerability reports overwhelming open source maintainers. He introduces Kusari Inspector, a tool that codifies security expertise by running checks such as OpenSSF Scorecard and SLSA conformance, filtering out false positives, and delivering only actionable findings to maintainers. The conversation covers the design philosophy of reducing maintainer burden ("don't piss off the engineers"), the importance of reproducible vulnerability reports, and a vision for a future in which security primitives are baked into everyday tooling and security tools prioritize user experience. Inspector is free for CNCF and OpenSSF projects.

22m read time. From openssf.org