Upcoming Virtual Event: Cloud Security Summit | July 17 - Register Now
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Ex-Googlers Snag $5 Million for Software Supply Chain Security Tech

A group for ex-Google software engineers has raised $5 million in seed funding for Chainguard, an early-stage startup tackling vexing problems associated with software supply chain security.

A group for ex-Google software engineers has raised $5 million in seed funding for Chainguard, an early-stage startup tackling vexing problems associated with software supply chain security.

Chainguard, based in Kirkland, Wash., said the investment was led by Amplify Partners and will be used to create open-source technology to make the software supply chain secure by default.

The company was created by Dan Lorenc and Kim Lewandowski and the team that worked on Google’s major supply chain security initiatives — Sigstore and SLSA.

Sigstore is positioned as the Let’s Encrypt of open-source software code signing, providing the missing building blocks required for open source supply chain integrity while the SLSA framework provides a systematic approach for organizations to improve their security posture incrementally. 

[ READ: Google Intros SLSA Framework to Enforce Supply Chain Integrity ]

Chainguard has not said much about its product plans outside of a promise to apply zero-trust principles to supply chain security to make the software lifecycle security by default.

In tandem with the $5 million cash infusion, the company also announced the creation of Chainguard Services, a plot program aimed at helping organizations address software supply chain attacks and insider risks. 

“Meaningful security improvements require solutions for entire classes of bugs. We believe the best way to do that is to first learn by fixing a lot of them, one at a time,” Lorenc said, confirming that Chainguard’s strategy will be based on Sigstore and SLSA. 

Advertisement. Scroll to continue reading.

Related: Google Intros SLSA Framework to Enforce Supply Chain Integrity

Related: Codecov Bash Uploader Dev Tool Compromised in Supply Chain Attack

Related: Everything You Need to Know About the SolarWinds Mega-Hack

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Craig Boundy has left Experian to join McAfee as President and CEO.

Forcepoint has promoted Ryan Windham from Chief Customer and Strategy Officer to Chief Executive Officer.

ICS and OT cybersecurity solutions provider TXOne Networks appointed Stephen Driggers as its new CRO.

More People On The Move

Expert Insights