About Kusari

Build secure software from the start.

Speak with a founder
Commercial & open source partners Google Microsoft Intel Red Hat VMware Yahoo Citi DTCC Guidewire Roche Clear Alpha Purdue University
Why Kusari exists

Security you'll love, and your developers will too.

Tim Miller and Mike Lieberman spent years directing engineering teams at America's biggest banks. Parth Patel did the same in government defense agencies. Our three co-founders led teams under pressure to build software pipelines. Hurry up. Go faster. Now hold for that security approval.

Their teams desperately wanted to build securely and deploy on time. But despite their best efforts — and using every tool under the sun — they couldn't sift through the noise to get the security they needed in their workflow.

So they decided to build it themselves.

Now they're shaping how secure software should be built: quiet, transparent, contextual. Find and fix vulnerabilities early. Ship secure code fast. Prove you're in control.

Learn more about Kusari
Open source

Our founders guide open source.

We get open source security because we're there — in the heart of building for open source and guiding its future. We are actively involved in establishing open source standards and policies to make it better and more secure.

Because we help shape the standards that secure open source, you can trust our solutions are built on the same principles we champion across the community.

Explore our philosophy
Co-founders

The team behind Kusari.

Tim Miller
CEO, Co-Founder

Tim Miller

20+ years leading engineering teams

Tim Miller is co-founder and CEO of Kusari where he is committed to solving the supply chain security problem for software developers and security teams. He has more than 20 years of experience leading the engineering efforts in the financial industry where he focused on development and security of the mission-critical trading systems at organizations such as Citi, Mitsubishi UFJ Financial Group (MUFG), and Bridgewater Associates. Tim is a technical leader whose passion and curiosity for technology drives him and those around him to continually improve.

GitHub LinkedIn Read blog posts
Michael Lieberman
CTO, Co-Founder

Michael Lieberman

Industry influencer, OSS creator, 100+ conference talks

Michael Lieberman is co-founder and CTO of Kusari where he helps build transparency and security in the software supply chain. He has extensive engineering and architecture expertise with an emphasis on cloud-native technologies and security and privacy use cases. Prior to Kusari, he held engineering leadership positions with Citi, Mitsubishi UFJ Financial Group (MUFG), and Bridgewater Associates. Michael is an active member of the open-source community, co-creating the GUAC and FRSCA projects and co-leading the CNCF's Secure Software Factory Reference Architecture whitepaper. He is also co-chair of the Cloud Native Computing Foundation Financial Services User Group and an OpenSSF TAC and SLSA steering committee member.

GitHub LinkedIn Read blog posts
Parth Patel
CPO, Co-Founder

Parth Patel

5,800+ open source contributions on GitHub

Parth Patel is the co-founder and CPO of Kusari where he focuses on bringing transparency and security to the forefront of all projects. He is an engineering leader with more than 15 years of cybersecurity, DevOps, software development, and automation experience. Parth is an active member within the open-source community, serving as a co-creator and lead maintainer on the GUAC project, and a maintainer for the CNCF in-toto attestations, CNCF in-toto golang, and FRSCA projects. He has successfully led multiple consulting and development projects for modernization/migration, cloud adoption, and a secure software supply chain, including with government contractors where security was paramount.

GitHub LinkedIn Read blog posts
Backed by strategic investors
J2 Ventures Glasswing Ventures Unusual Ventures
$8M raised to make the software supply chain transparent and secure
Read our blog

Kusari in the news.

Forbes · September 18, 2025

Never Drop the SBOM — Why a Software Bill of Materials Pays Off

Software needs accountability. This is why the software bill of materials has become an integral element in modern software application development.

Read article
The New Stack · September 12, 2025

OpenSSF Experts Weigh in on CISA's SBOM Minimum Elements Update

There's long been a need to drill further down into exactly what a piece of software is made of — get insights from experts including Kusari's Michael Lieberman.

Read article
Podcast · July 15, 2025

Securing the Software Supply Chain & Fighting AI Slopsquatting

Mike Lieberman talks about his background in FinServ and DevOps security, AI slopsquatting and other threats, and securing the software supply chain.

Listen
Customer kudos

What developers and maintainers are saying.

"
Kusari Inspector is a really cool way of applying AI to solving a serious security problem. How many of you are reviewing the dependency update PRs? Let the LLM do the work for you.
Mihai MaruseacStaff Software Engineer, Google
"
Shout out to Kusari Inspector and its _very_ detailed report on pull requests. Keep it up!
Adolfo Garcia VeytiaFounder at Carabiner Systems and Kubernetes SIG Release Technical Lead
"
If you use GitHub and you do not have this for your PR review process, you are just doing it wrong, regardless of your risk appetite. Kusari Inspector gives clear, contextual security checks—right in your pull requests, boom!
Joseph SteinPrincipal Data Architect, SS&C Technologies
"
Kudos! I have been using Kusari Inspector for some of my projects and it's been awesome!
Anoop GopalakrishnanVice President of Engineering at Guidewire Software
"
I have to say, I used Claude to submit a PR to go-witness. Inspector found an issue (it wasn't generated by Claude but, Claude didn't fix it either). I just asked Claude to fix the issue Inspector found... and it did it.
John Kjellin-toto/Witness maintainer
"
I like seeing it identify new dependencies in my changes that I wasn't otherwise tracking closely and I appreciate some of the signal it surfaces to me (like licenses, inactivity, etc.). I suspect it'll be additionally useful if/when I do more work on zizmor's VS Code extension, since I'm not a JS expert and will be relying on tooling more to help me determine my dependency posture/exposure.
William WoodruffZizmor maintainer
Get started

The security you need, without the noise.

Book a demo