Securing Open Source Software with Dan Lorenc, Co-founder & CEO of Chainguard

Nov 2, 2023

Dan Lorenc, Co-founder and CEO of Chainguard, talks about the software supply chain and the vulnerabilities it poses. He discusses the history of open source software, the moment they decided to start Chainguard, and why they started selling consulting services before building a product. Dan also shares insights on their marketing strategy, raising funding, and the challenges and risks in open source software.

Ask episode

Chapters

Transcript

Episode notes

Introduction

00:00 • 4min

Software Supply Chain Security and Vulnerabilities

03:31 • 7min

Discovering and Addressing Software Vulnerabilities

10:40 • 21min

Building Relationships, Validating Value, and Navigating Enterprise Sales

31:26 • 2min

Launching Two Products in the Software Supply Chain Space

33:01 • 2min

Establishing Trust and Brand Recognition

34:53 • 11min

Raising Funds and Investor Dynamics

46:13 • 22min

Financial considerations, product delivery, and building customer relationships

01:08:34 • 2min

Challenges and Risks in Open Source Software

01:10:24 • 10min

Dan Lorenc is the Co-founder and CEO of Chainguard, the best way to secure your open source software. Dan and his co-founders Kim, Matt, and Ville started the company in 2021 after spending a decade working together at Google on all things open source and software security. They’ve since raised $116 million from investors including Spark (led Series B), Sequoia (led Series A), Amplify (led Seed), The Chainsmoker’s Mantis VC, Banana Capital, and dozens of angels in the cyber security and open source communities. — Topics discussed: What is the “software supply chain”? How the SolarWinds breach created the software supply chain security market The history of open source software Why open source software makes software supply chains even less secure The moment Dan and his co-founders decided to start Chainguard Why they started selling consulting services before even building a product The reason their first two products solved completely different problems (top-down and bottoms-up), and why the one that didn’t work at first is now their main business Why Chainguard decided to focus on a broad communications and marketing strategy so early on How Dan gets quoted in major media publications as an early stage startup founder Why Chainguard uses memes for marketing Why Dan thinks startups should “make content optimized for the group chat” How they raised their Seed round from Amplify a week after leaving Google Raising a Series A from Sequoia as the market started collapsing in Spring of 2022 Dan’s advice for founders on dealing with investor inbound when not fundraising Why he wish he hired sales reps sooner Raising a Series B from Spark Capital to accelerate their enterprise sales process — Referenced: https://www.chainguard.dev https://www.sigstore.dev/ Battling the Trojan Horse in Open Source: https://www.sequoiacap.com/article/dan-lorenc-chainguard-spotlight/ Chainguard Series B Announcement: https://www.chainguard.dev/unchained/series-b-funding Dan’s favorite open source project: https://github.com/jqlang/jq Reflections on Trusting Trust: https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf — Where to find Dan: Twitter: https://twitter.com/lorenc_dan LinkedIn: https://www.linkedin.com/in/danlorenc — Where to find Turner: Newsletter: https://www.thespl.it Twitter: https://twitter.com/TurnerNovak Banana Capital: https://bananacapital.vc — Production and distribution by: https://www.supermix.io — Want to sponsor the show? https://docs.google.com/forms/d/e/1FAIpQLSebvhBlDDfHJyQdQWs8RwpFxWg-UbG0H-VFey05QSHvLxkZPQ/viewform