About Us

We're passionate about making open source software safer.

At Stacklok, we believe that the open source software supply chain represents one of the greatest technical treasures and sources of human innovation. We also see open source software as a tantalizing target for sophisticated hostile actors. Malware injection into the open source software supply chain is the most significant cyberthreat facing the software industry—and we want to help prevent it.

Our team's background is in creating, maintaining, and scaling open source systems, including Kubernetes and Sigstore. We're drawing on our expertise in open source and security to give developers and open source communities better tools to secure their software and manage external dependency risk.

Our Story

Craig McLuckie (co-creator of Kubernetes) and Luke Hinds (creator of Sigstore) founded Stacklok in 2023 with the goal of helping developers produce and consume open source software more safely.

As malicious attacks on open source software continue to grow in number and become more sophisticated (like the recent XZ Utils incident), governments and organizations are calling for increased security and protection against these attacks. Yet open source maintainers—who are often unpaid volunteers, with other full-time jobs—lack the time to stay up to speed on security best practices, and access to freely available tools that can proactively keep their software safe.

On the consumer side, traditional security tools geared toward enterprise developers to help them secure their open source dependencies are often focused on CVEs as the main threat vector. Those tools may not detect malicious, deprecated, or abandoned open source projects, or projects that aren't following recommended security practices.

These are the challenges Stacklok aims to help solve.

Our Virtues

We stand

We seek out the strengths in ourselves and one another and rely on those strengths to balance our mutual shortcomings.

We are moved
by our work

We believe that the good work we do has the potential to make the world a fundamentally safer place for our loved ones.

We are humble
but relentless

When we succeed we look out and see the contributions of others.

We find
truth in data

We are curious by nature and believe in the power of experimentation and incremental improvement.

Our Team

We're a global team that cares deeply about building, maintaining, and protecting open source software. We also care about building a great company where everyone's ideas and backgrounds are welcomed and respected. Also, we really like marmots.

Our Advisors

Stacklok's advisory team provides expert insight and hands-on guidance about our product and technology strategy.

Amol Kulkarni

Former Chief Product and Engineering Officer, CrowdStrike

Joe Beda

Co-Creator, Kubernetes

Life at Stacklok

We are doing important, interesting work at Stacklok, but topmost is the way we treat each other like human beings should. Sometimes, a list of ‘core values’ is entirely aspirational. Here at Stacklok it is a statement of fact.

Software Engineer

I was interested in supply chain security before joining, and I believe that we can make a difference in making software safer at Stacklok. Another reason I love working here is because we stay true to our culture. We’re unlike other startups that have a ‘work hard, burn fast’ attitude … we encourage respect, professionalism, and healthy boundaries.

Software Engineer

I joined Stacklok because I really believe in our innovative approach to security management. Working with colleagues that I trust, admire, and share the same work ethic made a difference. I love being part of a dynamic environment and working on an amazing project from the beginning.

Software Engineer