I am thrilled to announce our new company, Chainguard, Inc., on behalf of our founders: Matt Moore, Scott Nichols, Ville Aikas, Kim Lewandowski, and myself - Dan Lorenc. We are making software supply chains secure by default. The rapid rise of software supply chain attacks in the last three years has shown that the software industry needs to change how we consume, build, deploy, and operate production code.
According to the latest Sonatype report, supply chain attacks increased by 650% in 2021. The European Union predicted this trend will continue with another 4x rise this year. It is hard to see this trend slowing - Accenture estimated that there is a combined $5.2 trillion at risk to cybercrime today. The recent US cybersecurity Executive Order recognizes supply chain security as a threat to national infrastructure, but it places significant burdens on an already-taxed industry, with 92% of hiring managers unable to fill open-source and cybersecurity-related positions.
Security in software supply chains must be holistic; it cannot be bolted on. The easy way must be the secure way. A large-scale shift in tooling is difficult - but the rapid adoption of cloud platforms, including containers and Kubernetes, presents a unique opportunity. As we shift how code is run, we must also change how code is built and operated. Build systems are production systems, and they must be treated the same way.
At Chainguard, we believe that the best possible developer experience is one built on a foundation of security. Security is about awareness, and a deep awareness of exactly what code is running, where, and how it got there enables organizations to improve remediation, reliability, performance, and velocity.
We also believe the solution must be rooted in open source, standards, and communities. The software that companies ship is increasingly dominated by the open source libraries, frameworks, and runtimes they consume. Efforts like Let’s Encrypt to secure internet communication have shown that open standards, formats, tooling, and community are extremely effective ways to drive industry-wide change.
We have worked throughout the ecosystem since the early days of the container renaissance, including on technologies you likely use every day. Over the years we have led the creation of GCS, gcr.io, Minikube, Distroless, Skaffold, Knative, Tekton, Kaniko, ko, and most recently Sigstore and SLSA. We are maintainers at heart, and we will continue to contribute and lead across the ecosystem.
If you are not happy about the way your software gets to production, we are here to help! We are just getting started, but we would love to chat about anything related to developer experience and supply chain security. Reach out here for more information or if you would like to chat! We will also be at KubeCon North America October 10th through the 14th, so find us giving talks or around the exhibit hall.