From Noise to Signal: Security Expertise and Kusari Inspector with Mike Lieberman

March 24
25 mins

Episode Description

In this episode, CRob talks with Mike Lieberman from Kusari about the current state of open source security. They discuss the growing burden on maintainers from the "deluge" of noisy, low-quality vulnerability reports, often generated by AI tools, and the vital role of "a human in the loop." Mike introduces Kusari's tool, Inspector, explaining how it uses codified security expertise to process data from tools like OpenSSF Scorecard and SLSA, effectively filtering out false positives and giving maintainers only high-quality, actionable reports. They also dive into the design philosophy of "don't piss off the engineers" and share a vision for the future of security tooling that focuses on dramatically better user experience and building security primitives that are "secure by design."


Chapters:

00:06 Introduction: The Biggest Challenge in Security Tooling

01:12 Overwhelmed Maintainers: The Deluge of Low-Quality AI Reports

04:00 Introducing Kusari's Inspector: How it Filters False Positives

08:40 The Secret Sauce: Security Expertise and the Need for Reproducible Tests

12:03 Meeting Engineers Where They Are: Design Choices to Reduce Maintainer Burden

18:16 The Future of Open Source Security Tooling: Focusing on Better UX

22:19 Call to Action: The Responsibility of Large Organizations

