UPDATED 12:50 EST / OCTOBER 28 2021

SECURITY

Google employee startup Chainguard focuses on open-source and supply chain security

Supply chain attacks — a cyberattack that targets weaker elements in a company’s supply chain — are on the rise, with the European Union Agency for Cybersecurity predicting a four-fold increase in attacks in 2021.

In early October, a group of five former Google employees started Chainguard Inc., a startup focused on open-source supply chain security.

“The last couple of years, we’ve been worried about and focused on open-source security risk and supply chain security in general in software,” said Dan Lorenc (pictured, right), founder and chief executive officer of Chainguard. “At the beginning of this year, a bunch of attacks started happening … companies and governments are getting hit with supply chain attacks. So overnight, people started caring and being worried about what we’ve been doing for a while.”

Lorenc and Kim Lewandowski (pictured, left), co-founder of Chainguard, spoke with John Furrier and David Nicholson, co-hosts of theCUBE, SiliconANGLE Media’s livestreaming studio, during the recent KubeCon + CloudNativeCon NA event. They discussed security risks in open-source software, what’s changed in DevOps security, the future of Chainguard and more. (* Disclosure below.)

Knife in the cake

Even with the flexibility and potential of open-source software, it introduces a new, insidious security concern, according to Lewandowski.

“Would you pick up a thumb drive off the side of the street and plug it into your computer? Probably not,” she said. “But when you download an open-source package, that can give you more privileges and production environments, and it’s pretty scary.”

Chainguard will begin by keeping an eye on open-source projects and growing out the community. Sophisticated, state-of-the-art data centers with top-of-the-line security measures are still vulnerable to cyberattacks when the company runs on out-of-date hardware and software, according to Lorenc.

“It’s like the movies where instead of breaking into jail, they hide in the food delivery truck. That’s the metaphor that I like perfectly. The fence doesn’t work if you’re opening a truck,” he said.

The introduction of open-source software brings opportunities for malicious third-party packages, requiring developers to understand and maintain new dependencies, Lorenc and Lewandowksi concluded.

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of KubeCon + CloudNativeCon NA(* Disclosure: This is an unsponsored editorial segment. However, theCUBE is a paid media partner for KubeCon + CloudNativeCon NA 2021. Red Hat, the Cloud Native Computing Foundation and other sponsors of theCUBE’s event coverage have no editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU