UPDATED 16:06 EDT / MARCH 26 2025

Dan Lorenc, founder and CEO of Chainguard, talks to theCUBE about the software supply chain at Chainguard Assemble 2025.

Security moves upstream as Chainguard redefines the software supply chain

As the software supply chain grows more complex, the gap between speed and security is finally beginning to close.

With rising threats and accelerating development cycles, companies are rethinking how they use open source, comply with evolving regulations and embed security directly into the coding process. The industry is converging on a new reality — one where accountability, usability and resilience must be built into the foundation of software systems from the start, according to Dan Lorenc (pictured), founder and chief executive officer of Chainguard Inc.

“The whole shift left buzzword is really security teams running left, because that’s where all the work has now started to happen and they have to get farther upstream,” Lorenc said. “Now they’re working closer with development teams, they’re embedded, they’re working hand-in-hand and then you can get back to that … we’re not gatekeepers sitting on the other side of the wall.”

Lorenc and other software supply chain, scalability and security experts spoke with theCUBE’s Savannah Peterson and Jackie McGuire at the Chainguard Assemble event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how Chainguard and its partners are reshaping software supply chain security by embedding trust and automation into development workflows, tackling infrastructure scalability challenges, and introducing continuous update strategies to reduce risk and improve resilience across modern enterprise systems. (* Disclosure below.)

Trust and toil: Tackling software supply chain risk from the inside out

Modern software supply chains demand more than fast iteration — they require thoughtful, end-to-end security that integrates with developer workflows. As attacks grow more sophisticated, engineering teams are turning to hardened virtual machines, secure libraries and automated tooling to reduce risk without introducing bottlenecks, according to Kim Lewandowski, co-founder and chief product officer of Chainguard, in an interview with theCUBE.

Kim Lewandowski, co-founder and CPO of Chainguard, talks to theCUBE about software supply chain security at Chainguard Assemble 2025.

“We knew we were going to be in the software supply chain security space, but hadn’t actually built any products yet,” she said. “See us here three and a half years later… it just makes me feel good inside, feeling like we’re helping them and we’re solving problems for them.”

This industry shift is being driven by a growing recognition that containers alone aren’t enough. Developers want secure-by-default environments where every element — from open-source dependencies to virtualized infrastructure — is vetted, hardened and maintained. The emergence of tools such as Chainguard Libraries and minimal VM images reflects this deeper commitment to safety at every level of the stack.

“You’re really standing on a treadmill that’s moving,” Lorenc said, during an interview with theCUBE. “If you stop moving and forget about it, you get flung off the back of the treadmill.”

Knocking down barriers in scaling enterprise computer vision and automation

Kit Merker, chief executive officer of Plainsight Technologies Inc., is clear about the biggest obstacle facing computer vision in the enterprise: cost. While many organizations have experimented with early vision AI projects, most hit a wall when it’s time to scale, Merker said, during an interview with theCUBE. The real challenge isn’t a lack of promising use cases — it’s the infrastructure demands that quickly become unsustainable.

Kit Merker, CEO of Plainsight Technologies, talks to theCUBE about enterprise computer vision at Chainguard Assemble 2025.

“This is the number one issue for enterprise computer vision adoption,” he explained. “I think as an industry there is a treasure trove of data, of video data, vision data, that these enterprises have across many different industries and they’ve all invested to a one. All of a sudden, we’ve got to make it work with 1000x more data, more cameras. If you just do the simple back of the envelope and say, ‘OK. Well, I take number of cameras, times number of models, times number of GPUs equals an astronomical amount of money.’ Then, the project dies there and nobody knows what to do.”

That kind of scaling dilemma echoes across sectors — even in mission-critical fields such as defense, where innovation is equally constrained by complexity and cost.

Shift5 Inc.’s mission to secure U.S. defense systems demands both technical excellence and rigorous compliance. But red tape can slow down innovation — something Shaun McDonnell, director of platform engineering at Shift5, related firsthand during an interview with theCUBE. By partnering with Chainguard, the company eliminated hours of tedious, manual compliance work, freeing its engineers to focus on what truly matters: building secure systems that protect the nation.

“We had basically two people theoretically working full time on just getting rid of making our container images secure,” he said. “Now we have zero hours dedicated to making our container images secure. We’ve freed up two headcount to make our weapon systems more safe.”

Chainguard’s nano-update strategy changes how enterprises think about security

During Chainguard Assemble, theCUBE’s Peterson and McGuire were joined by Chainguard’s Matt Moore, co-founder and chief technology officer, and Dustin Kirkland, vice president of engineering, to explore a major shift in how organizations manage software updates through Chainguard’s “nano-updates” — a continuous, incremental model that avoids the disruption of infrequent, large-scale overhauls. Moore described this as both a mindset and a practical evolution from outdated open-source habits, emphasizing the benefits of steady, small changes that keep systems — and teams — resilient and current.

Matt Moore, co-founder and CTO of Chainguard, and Dustin Kirkland, VP of engineering at Chainguard talk to theCUBE about Chainguard’s nano updates at Chainguard Assemble 2025.

“You look at the traditional model of consuming open-source software where you sort of pretend for years at a time that nothing changes and then a couple of years later everything changes,” Moore said. “All of those things you were ignoring for all of that time all rush in at once, and it all breaks you at once. It basically takes out your organization trying to update it all. My favorite analogy for this … these tiny little updates are like brushing your teeth every day. Good hygiene.”

The benefits extend beyond technical upkeep to unlocking developer potential, according to Kirkland. With nano-updates, dev teams can stay current with tools and libraries, avoiding the productivity crash that comes with major system overhauls.

“What you’ve actually accumulated is years and years of tech debt, years and years of change,” he said. “You can’t get rid of some of those until you do a major upgrade. That major upgrade … it’s painful, it’s a root canal — the difference between stubbing your toe every day or breaking your leg once every two years and being in rehab for nine months.”

Securing the stack: Chainguard Libraries streamline trust from source to runtime

With decades of experience shaping foundational tools such as Maven and Maven Central, Jason van Zyl, software engineer at Chainguard, understands the complexity of modern software supply chains. Now at Chainguard, he’s focused on solving a longstanding challenge: how to make open-source libraries secure by default. Van Zyl talked with theCUBE about the newly announced Chainguard Libraries and how it aims to give developers confidence in what they’re building with — by securing every step from source to distribution.

Jason van Zyl, software engineer at Chainguard, talks to theCUBE about Chainguard Libraries at Chainguard Assemble 2025.

“Today, we announced Chainguard Libraries,” he said. “It’s part of the portfolio at Chainguard. We started with Chainguard Images. We announced Chainguard VMs today, and Libraries is the third part of that story. It focuses on trying to provide developers with what they need for developing applications and largely driven by customer demand. We hope that it rounds out what every customer needs to build every piece of software that they have inside their organization.”

In a separate interview with theCUBE, Kirkland broke down the core value of Chainguard’s evolving platform: a relentless focus on reducing the attack surface and giving customers clear, actionable visibility into their infrastructure. The company’s “rolling distro” approach, minimal container sizes and partnership with Datadog Inc. all contribute to a strategy built on rapid updates and precision remediation.

“Most of our customers have to pick and choose which vulnerabilities they’re going to address. For the most part, they’re able to address the most critical, the highest ones. But then there’s this long tail of mediums and lows that they’re not able to address until they upgrade,” Kirkland explained. “Instead, with the Chainguard approach, we’re updating these constantly all day, every day. Every day, there’s a new one that remediates the rest of the vulnerabilities that might’ve shown up yesterday.”

(* Disclosure: TheCUBE is a paid media partner for the Chainguard Assemble event. Neither Chainguard Inc., the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE
