Security Experts:

Ex-Googlers Snag $5 Million for Software Supply Chain Security Tech

A group for ex-Google software engineers has raised $5 million in seed funding for Chainguard, an early-stage startup tackling vexing problems associated with software supply chain security.

Chainguard, based in Kirkland, Wash., said the investment was led by Amplify Partners and will be used to create open-source technology to make the software supply chain secure by default.

The company was created by Dan Lorenc and Kim Lewandowski and the team that worked on Google’s major supply chain security initiatives -- Sigstore and SLSA.

Sigstore is positioned as the Let’s Encrypt of open-source software code signing, providing the missing building blocks required for open source supply chain integrity while the SLSA framework provides a systematic approach for organizations to improve their security posture incrementally. 

[ READ: Google Intros SLSA Framework to Enforce Supply Chain Integrity ]

Chainguard has not said much about its product plans outside of a promise to apply zero-trust principles to supply chain security to make the software lifecycle security by default.

In tandem with the $5 million cash infusion, the company also announced the creation of Chainguard Services, a plot program aimed at helping organizations address software supply chain attacks and insider risks. 

“Meaningful security improvements require solutions for entire classes of bugs. We believe the best way to do that is to first learn by fixing a lot of them, one at a time,” Lorenc said, confirming that Chainguard’s strategy will be based on Sigstore and SLSA. 

Related: Google Intros SLSA Framework to Enforce Supply Chain Integrity

Related: Codecov Bash Uploader Dev Tool Compromised in Supply Chain Attack

Related: Everything You Need to Know About the SolarWinds Mega-Hack

view counter
Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a journalist and cybersecurity strategist with more than 20 years experience covering IT security and technology trends. Ryan has built security engagement programs at major global brands, including Intel Corp., Bishop Fox and Kaspersky GReAT. He is a co-founder of Threatpost and the global SAS conference series. Ryan's career as a journalist includes bylines at major technology publications including Ziff Davis eWEEK, CBS Interactive's ZDNet, PCMag and PC World. Ryan is a director of the Security Tinkerers non-profit, and a regular speaker at security conferences around the world. Follow Ryan on Twitter @ryanaraine.