We all know the world runs on open source software and that, incredibly, companies that rely on it never need to worry about breaches, because every vulnerability is always patched easily and immediately…right? Right??

On the contrary, we’re grimly familiar with exploits of open source vulnerabilities, Log4Shell among them, and the damage they caused. Why do these breaches keep happening? Because developers often pick software packages that have unpatched vulnerabilities, and patching them is slow and laborious. Fixing open source weak points is an endless process that most companies (understandably) just don’t have the resources to prioritize.

Talk about a textbook business-security pain point!


Even among companies in our portfolio — as with many of the world’s leading enterprises — we’ve long noticed that manually patching these vulnerabilities remains an accepted ritual that saps precious time and resources from in-house teams. When you see the wheel being reinvented that often by so many, it’s usually a signal of a great opportunity.

Minimizing the surface areas for open source attacks

We believe that opportunity is Chainguard, a company with rabid customer love founded by experts in securing open source software. By creating a single destination for hardened versions of popular container images (the standalone, executable packages that include everything needed to run a piece of software), Chainguard minimizes attack surfaces and makes building and running applications safer for all companies.

We’re investing in Chainguard’s $140 million Series C because we see its potential to become the default solution for developers to build secure software. Chainguard customers rave about how easy it is to plug and play, how much time and resources it frees up, and Chainguard’s unbreakable commitment to the strictest levels of security.

Cyber attacks are an enduring fact of business. Companies can keep on doing the same things, at great expense: deploying in-house teams to manually patch open source vulnerabilities and hoping for the best. We think the better strategy is adopting Chainguard, as a rapidly growing number of iconic companies have, including GitLab, HPE, Checkmarx and others.

Chainguard’s team is also something special. Until we met the founding team at Chainguard, no developers we’d ever talked to had expressed such joy about securing the world’s open source software. Enthusiasm counts.