Chainguard raises $50 million to secure enterprise software supply chains

Chainguard Inc., a startup founded by a group of ex-Google LLC engineers to help companies secure their apps, has raised $50 million in new funding.

chain guard announcement today’s funding cycle. Sequoia Capital led the investment with participation from more than 30 other investors, including information security chiefs from Block Inc., the company formerly known as Square Inc., and Google. Chainguard closed a $5 million funding round early in December.

Most enterprise applications include not only code developed in-house by a company’s engineers, but also components from the open source ecosystem. If a security flaw is discovered in one of the open source components of an application, the application may become vulnerable to cyberattacks.

Correcting vulnerabilities in a timely manner is a major challenge for businesses. A large company may have over hundreds of applications, each of which may contain several open source components. Manually detecting and correcting each security vulnerability requires considerable effort.

Vulnerabilities can appear not only in an application’s open-source components, but also in custom code that a company develops internally. In some malware campaigns, hackers make malicious changes to an application’s code to facilitate future cyberattacks.

Chainguard, based in Kirkland, Wash., develops tools that make it easier for companies to keep their software secure. Its first two offerings are Chainguard Enforce and Chainguard Images.

“Software supply chains (and supply chain attacks) are far too complex for a single solution to fully protect an organization,” Chainguard co-founder and CEO Dan Lorenc wrote in a post. communicated. blog post today. “Instead, we need holistic changes at every stage of the application lifecycle. That’s why we’re building a suite of products with the goal of making security simple for all developers.

Development teams often create a so-called software nomenclature for applications to help detect potential security issues. A software BOM provides data about the components included in an application, as well as the tools used to create it. Chainguard Enforce, Chainguard’s first tool, automatically generates this data to help development teams more effectively track the security of their code.

Chainguard Enforce can track the source code included in every software container created by a company. Once a container is deployed to production, the tool is able to monitor it for known software vulnerabilities.

Chainguard’s other product, Chainguard Images, debuted today alongside the startup’s funding announcement.

Developers often reuse software components such as operating systems in application projects. Chainguard Images is a collection of commonly used software components delivered as containers. According to Chainguard, each container has a software BOM and is compliant with cybersecurity standards such as the popular SLSA framework.

Chainguard images are cryptographically signed to further reduce cybersecurity risks. Cryptographic signing is a process that uses encryption technologies to prevent hackers from tampering with software code.

“Additionally, we offer SLAs for our images, guaranteeing that we will provide patches or mitigations for new vulnerabilities,” Lorenc detailed. Removing the need to implement patches manually can save developers a lot of time and effort.

Following its latest funding round, Chainguard plans to expand its product portfolio with additional cybersecurity tools. The startup will also launch a developer training program and support the development of several open source projects focused on securing software supply chains.

Image: Chain Guard

Show your support for our mission by joining our Cube Club and our Cube Event community of experts. Join the community that includes Amazon Web Services and CEO Andy Jassy, ​​Dell Technologies Founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many other luminaries and experts.

Source link

About Cecil D. Ramirez

Check Also

Artificial Intelligence in Supply Chain Market Size, Scope, Revenue, Opportunities and Growth by 2028 – Shanghaiist

New Jersey, United States – Verified Market Research recently released a new report titled Artificial …