
What's in the SOSS? An OpenSSF Podcast From Noise to Signal: Security Expertise and Kusari Inspector with Mike Lieberman
In this episode, CRob talks with Mike Lieberman from Kusari about the current state of open source security. They discuss the growing burden on maintainers from the "deluge" of noisy, low-quality vulnerability reports, often generated by AI tools, and the vital role of "a human in the loop." Mike introduces Kusari's tool, Inspector, explaining how it uses codified security expertise to process data from tools like OpenSSF Scorecard and SLSA, effectively filtering out false positives and giving maintainers only high-quality, actionable reports. They also dive into the design philosophy of "don't piss off the engineers" and share a vision for the future of security tooling that focuses on dramatically better user experience and building security primitives that are "secure by design."
Chapters:
00:06 Introduction: The Biggest Challenge in Security Tooling
01:12 Overwhelmed Maintainers: The Deluge of Low-Quality AI Reports
04:00 Introducing Kusari's Inspector: How it Filters False Positives
08:40 The Secret Sauce: Security Expertise and the Need for Reproducible Tests
12:03 Meeting Engineers Where They Are: Design Choices to Reduce Maintainer Burden
18:16 The Future of Open Source Security Tooling: Focusing on Better UX
22:19 Call to Action: The Responsibility of Large Organizations
Episode links:
