At Chainguard, we apply Zero-Trust principles to supply chain security to make the software lifecycle secure by default—and open source is key to this mission. That’s why we are thrilled to share that we are joining the Open Source Security Foundation (OpenSSF), the cross-industry organization that brings together the industry’s most important open source security initiatives and the individuals and companies that support them.
Supply chain security is increasingly important, the 2021 attacks have made it clear that it’s an industry problem that can only be addressed by everyone working together. Organizations not only have to worry about their internal software supply-chains, but are also vastly dependent on and incur the risk of open source they rely on and other vendors' supply chains. The entire practice of transferring code or artifacts relies on strict interoperability - so any solutions to supply-chain security must be open source. Securing open source supply chains will require a combination of automated tooling, best practices, education, and collaboration. We believe the OpenSSF will be the uniting force to lead this security movement.
Our founders started building the foundations for this open source security initiative a few years ago with Tekton, followed by Sigstore and SLSA, now both OpenSSF projects. Thanks to these technologies and communities, the industry is already making progress on the supply chain security front. We’re dedicated to these initiatives and want to continue driving them forward, including leading efforts for the Sigstore general availability later this year.
Chainguard leaders also have had a big role to play in launching the OpenSSF, and now, in leading it. Dan Lorenc, CEO of Chainguard, sits on the governing board and Technical Advisory Committee (TAC). He and Kim Lewandowski, Head of Product, also lead the OpenSSF’s Supply Chain Integrity Working Group.
"The Chainguard team represents some of the best talent in supply chain security and is contributing critical expertise to the OpenSSF community and industry at large," said Brian Behlendorf, executive director at Open Source Security Foundation (OpensSSF). "We're looking forward to deeper collaboration with this innovative company and new member."
“Making the software lifecycle secure by default is increasingly critical as open source has become the digital backbone of the world. A vibrant, open software security ecosystem is essential to that mission. We are excited to be members of the Open Source Security Foundation and to continue working with the community to make the software lifecycle secure by default,” said Tracy Miranda, Head of Open Source at Chainguard.
This is just the beginning and we’re excited to collaborate with other OpenSSF members to make the supply chains more secure!