Chainguard: The safe source for open source

Open source software’s (OSS) indispensable position in the software supply chain has never been more evident — 90% of codebases contain OSS, and the number of OSS files in the average application has tripled in the last three years. But with increasing ubiquity and explosive growth comes a larger attack surface for threat actors: in 2024 approximately 40,000 common vulnerabilities and exposures (CVEs) were identified. The number has grown 5X over the last decade, driven largely by OSS.

The default response from organizations has been to staff teams of engineers who “track and patch” CVEs, but these teams face an uphill battle against an ever-growing backlog of vulnerabilities. As the expansion of attack surface area outpaces many teams’ coverage abilities, the probability of another large-scale attack rises. This is an urgent, high-visibility problem across organizations of all sizes, in all sectors, that still lacks a solution. Or rather lacked a solution, before the emergence of Chainguard.

Led by Dan Lorenc and a team of OSS veterans, Chainguard’s approach is elegant in its simplicity: build and maintain a catalog of secure, lightweight versions of OSS (starting with container images), and deliver these safe and efficient versions directly to customers. Chainguard becomes their customers’ safe source for open source, empowering them to leverage OSS without fear of vulnerabilities and the headache of constant “track and patch” maintenance. Today, their catalog includes 1,400+ secure container images, delivering an 80% reduction in attack surface, 97% fewer CVEs, and saving customers countless engineering hours.

To drive their simple and intuitive product experience, Chainguard abstracts away immense operational complexity in what they’ve dubbed the Chainguard Factory. Leveraging infrastructure and tooling they’ve built in-house, the Chainguard team builds vulnerability-free OSS from source and continuously maintains it, releasing patched versions when new CVEs are discovered, often faster than the project maintainers themselves. The Chainguard Factory also enables the company to rapidly expand their platform capabilities to service other forms of OSS beyond containers. In March, at the inaugural Chainguard Assemble event, they announced Chainguard Libraries and Chainguard VMs, building further towards becoming the safe source for (all) open source.

We are thrilled to be partnering with Chainguard and leading their Series D. Chainguard believes security should not stand in the way of innovation, and we could not agree more. If their vision speaks to you, they are hiring across roles.

— Ev, Mamoon & Lucas