A group for ex-Google software engineers has raised $5 million in seed funding for Chainguard, an early-stage startup tackling vexing problems associated with software supply chain security.
Chainguard, based in Kirkland, Wash., said the investment was led by Amplify Partners and will be used to create open-source technology to make the software supply chain secure by default.
The company was created by Dan Lorenc and Kim Lewandowski and the team that worked on Google’s major supply chain security initiatives — Sigstore and SLSA.
Sigstore is positioned as the Let’s Encrypt of open-source software code signing, providing the missing building blocks required for open source supply chain integrity while the SLSA framework provides a systematic approach for organizations to improve their security posture incrementally.
[ READ: Google Intros SLSA Framework to Enforce Supply Chain Integrity ]
Chainguard has not said much about its product plans outside of a promise to apply zero-trust principles to supply chain security to make the software lifecycle security by default.
In tandem with the $5 million cash infusion, the company also announced the creation of Chainguard Services, a plot program aimed at helping organizations address software supply chain attacks and insider risks.
“Meaningful security improvements require solutions for entire classes of bugs. We believe the best way to do that is to first learn by fixing a lot of them, one at a time,” Lorenc said, confirming that Chainguard’s strategy will be based on Sigstore and SLSA.
Related: Google Intros SLSA Framework to Enforce Supply Chain Integrity
Related: Codecov Bash Uploader Dev Tool Compromised in Supply Chain Attack
Related: Everything You Need to Know About the SolarWinds Mega-Hack