Stacklok, a software security company, announced today the successful completion of its Series A funding round. The funding will be used to provide enterprise-grade security solutions to developers working with open-source software.
As the adoption of open-source technologies continues to increase, with open-source libraries contributing a significant portion of deployed code, the need for robust security measures becomes more pressing. Stacklok aims to address this need by leveraging open-source projects like sigstore to deliver enterprise-grade solutions.
Stacklok’s platform will integrate into common development environments, offering several key features. Firstly, it will help developers understand and mitigate risks in their day-to-day work by guiding their tool choices and managing code dependencies. Secondly, it will provide a tamper-proof ledger that generates “proof” of best practices followed by development teams. Finally, it will enable operations teams to make informed policy decisions regarding software deployment based on a clear understanding of its production history, effectively bridging the gap between developers and operations.
The software security landscape has seen the rise of sophisticated exploits targeting the software supply chain. Stacklok aims to safeguard the integrity of the software supply chain and enable developers to operate with confidence, allowing them to focus on their core objective of writing code.
Craig McLuckie, CEO and co-founder of Stacklok, highlighted the urgency of the situation, stating that while software is revolutionizing industries, hostile actors pose a significant threat to the software industry’s survival. He expressed confidence in the innovative power of open-source communities, which will serve as a critical defense against these threats, ensuring ongoing innovation and growth for organizations.
By embracing Developer Security Posture Management (DSPM), enterprises can gain end-to-end provenance and insight into their software supply chain. This empowers them to mitigate risks, defend against attacks, and preserve the integrity of their digital assets. As software supply chain threats evolve, DSPM will play an increasingly vital role in safeguarding the software ecosystem and the organizations relying on it.
The Stacklok team consists of industry veterans with deep expertise in software security. Craig McLuckie, founder of Heptio and former VP R&D at VMware, brings a wealth of experience in driving innovation and growth in the industry. Luke Hinds, a renowned open-source security leader, has contributed significantly to projects like sigstore and the OpenSSF, with almost two decades of experience in developing open-source security software.
With the completion of its Series A funding, Stacklok is well-positioned to advance its mission of strengthening the security of the software supply chain. By leveraging open-source technologies, the company aims to enable developers to operate with confidence while ensuring the ongoing growth and resilience of the software industry.