Infra Play

Infra Play #83: Let’s harden some images

Chainguard is one of the most interesting cybersecurity startups in the industry right now, and one of the few with a strong product that reduces risk in the software supply chain

The Deal Director
Mar 09, 2025

This week we are continuing the deep dive into containers and how critical they are to the modern development cycle.

Chainguard is one of the most interesting cybersecurity startups right now in the industry, and their core business is all about reducing the risks associated with companies picking up images of software they want to deploy and then running into trouble because of undetected CVEs (Common Vulnerabilities and Exposures).

The key takeaway

For tech sales: The ideal time to join a startup is when they are starting to build momentum due to exceptional product-market fit but are not yet obvious to every single tech sales rep in the industry. Chainguard offers this opportunity right now, if you can handle the technical aspect of it.

For investors: There is an intersection of startups that get funded by both RedPoint (strong cloud infrastructure software expertise) and Sequoia (deep understanding of successful founders). It doesn’t look like there are private secondary share transfers, but at $255M raised, there should be some liquidity in that direction if they do a Series D.

Who is Chainguard and why does it matter?

Chainguard has a lot of similarities to Wiz - technical founders who have worked on this problem for a long time, significant pain that the product solves, funding from Sequoia and RedPoint, and a passionate customer community. More on the origin story:

In December 2020, SolarWinds reported that its network monitoring platform had been hacked by operatives suspected of working for Russian intelligence. The attackers had planted malware in SolarWinds’ code, which allowed them to access the data of thousands of SolarWinds’ clients, from Microsoft to the U.S. government. The hack exposed a critical flaw in the security of software supply chains. Just as in real-world manufacturing, software is assembled from components created by developers all over the world. At some point during SolarWinds’ development process, malicious actors inserted malware into two software updates, which were then installed by customers all around the world. SolarWinds’ data breach was a wake-up call. Without verifying the integrity of software at every stage of its lifespan, this type of hack could and would happen again.

Moore had left Google earlier in the year, and Lorenc had called him every month since, hoping to convince him to return. Moore was one of the finest software engineers Lorenc knew, and if anyone could find a solution to supply chain security, it was him. That night, Moore’s text to Lorenc said he was ready to get back to work—but not at Google. “Let’s start a new company,” Moore texted. Lorenc didn’t need to think twice. He was in.

The next day, Lorenc put in notice at Google, bought a new laptop and began work on Chainguard, a company focused on software supply chain security. Although technically the company was born that night in Austin, Lorenc had been preparing for this moment for years.

Source: TechMagic

Now, to understand why Chainguard matters, we need to go back to our discussion of Docker and the importance of containers for deploying enterprise-grade software into production. The majority of software in use today (on top of which we build B2B products) is open source. More importantly, in a DevOps workflow, developers typically use multiple open-source products to perform a certain function, or a closed-source product that itself incorporates some of that open-source software.
