A group for ex-Google software engineers has raised $5 million in seed funding for Chainguard, an early-stage startup tackling vexing problems associated with software supply chain security.
Chainguard, based in Kirkland, Wash., said the investment was led by Amplify Partners and will be used to create open-source technology to make the software supply chain secure by default.
The company was created by Dan Lorenc and Kim Lewandowski and the team that worked on Google’s major supply chain security initiatives — Sigstore and SLSA.
Sigstore is positioned as the Let’s Encrypt of open-source software code signing, providing the missing building blocks required for open source supply chain integrity while the SLSA framework provides a systematic approach for organizations to improve their security posture incrementally.
[ READ: Google Intros SLSA Framework to Enforce Supply Chain Integrity ]
Chainguard has not said much about its product plans outside of a promise to apply zero-trust principles to supply chain security to make the software lifecycle security by default.
In tandem with the $5 million cash infusion, the company also announced the creation of Chainguard Services, a plot program aimed at helping organizations address software supply chain attacks and insider risks.
“Meaningful security improvements require solutions for entire classes of bugs. We believe the best way to do that is to first learn by fixing a lot of them, one at a time,” Lorenc said, confirming that Chainguard’s strategy will be based on Sigstore and SLSA.
Related: Google Intros SLSA Framework to Enforce Supply Chain Integrity
Related: Codecov Bash Uploader Dev Tool Compromised in Supply Chain Attack
Related: Everything You Need to Know About the SolarWinds Mega-Hack
Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
More from Ryan Naraine
- Aembit Scores $16.6M Seed Funding for Workload IAM Technology
- Project Zero: Samsung Mobile Chipsets Vulnerable to Baseband Code Execution Exploits
- Rapid7 Buys Anti-Ransomware Firm Minerva Labs for $38 Million
- Microsoft Pins Outlook Zero-Day Attacks on Russian Actor, Offers Detection Script
- Microsoft Warns of Outlook Zero-Day Exploitation, Patches 80 Security Vulns
- Adobe Warns of ‘Very Limited Attacks’ Exploiting ColdFusion Zero-Day
- Cloud Forensics Startup Mitiga Completes $45M Series A
- Blackbaud Fined $3M For ‘Misleading Disclosures’ About 2020 Ransomware Attack
Latest News
- News Analysis: UK Commits $3 Billion to Support National Quantum Strategy
- Malicious NuGet Packages Used to Target .NET Developers
- Google Pixel Vulnerability Allows Recovery of Cropped Screenshots
- Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products
- Ferrari Says Ransomware Attack Exposed Customer Data
- Aembit Scores $16.6M Seed Funding for Workload IAM Technology
- Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes
- Waterfall Security, TXOne Networks Launch New OT Security Appliances
