Stacklok Insight is a free-to-use web app that provides data and scoring on the supply chain risk for open source packages.
At Stacklok, we believe that the open source software supply chain represents one of the greatest technical treasures and sources of human innovation. We also see open source software as a tantalizing target for sophisticated hostile actors. Malware injection into the open source software supply chain is the most significant cyberthreat facing the software industry—and we want to help prevent it.
Our team's background is in creating, maintaining, and scaling open source systems, including Kubernetes and Sigstore. We're drawing on our expertise in open source and security to give developers and open source communities better tools to secure their software and manage external dependency risk.
Craig McLuckie (co-creator of Kubernetes) and Luke Hinds (creator of Sigstore) founded Stacklok in 2023 with the goal of helping developers produce and consume open source software more safely.
As malicious attacks on open source software continue to grow in number and become more sophisticated (like the recent XZ Utils incident), governments and organizations are calling for increased security and protection against these attacks. Yet open source maintainers—who are often unpaid volunteers, with other full-time jobs—lack the time to stay up to speed on security best practices, and access to freely available tools that can proactively keep their software safe.
On the consumer side, traditional security tools geared toward enterprise developers to help them secure their open source dependencies are often focused on CVEs as the main threat vector. Those tools may not detect malicious, deprecated, or abandoned open source projects, or projects that aren't following recommended security practices.
These are the challenges Stacklok aims to help solve.
We seek out the strengths in ourselves and one another and rely on those strengths to balance our mutual shortcomings.
We believe that the good work we do has the potential to make the world a fundamentally safer place for our loved ones.
When we succeed we look out and see the contributions of others.
We are curious by nature and believe in the power of experimentation and incremental improvement.
We're a global team that cares deeply about building, maintaining, and protecting open source software. We also care about building a great company where everyone's ideas and backgrounds are welcomed and respected. Also, we really like marmots.
Stacklok's advisory team provides expert insight and hands-on guidance about our product and technology strategy.
Former Chief Product and Engineering Officer, CrowdStrike
Former Chief Product and Engineering Officer, CrowdStrike
Amol Kulkarni has over two decades of product and software engineering experience. Until August 2023, he was Chief Product and Engineering Officer of CrowdStrike, a global cybersecurity leader, and prior to that, as the company’s Senior Vice President of Engineering and Products. Before joining CrowdStrike in 2014, Amol held various product and software leadership roles for 14 years at Microsoft.
Amol currently serves on the board of directors of the observability platform Dynatrace, as well as JumpCloud, a privately held company focused on managing and securing employee access to organizations’ systems. Amol received a Bachelor of Engineering degree from the University of Poona, a Master of Technology degree in Energy Systems Engineering from the Indian Institute of Technology, Bombay, and a Ph.D. in Electrical Engineering from the University of Washington.
Co-Creator, Kubernetes
Co-Creator, Kubernetes
Joe Beda was most recently a principal engineer at VMware, after the acquisition of Heptio, where he was CTO/Founder with Stacklok CEO Craig McLuckie.
During his previous 10-year career at Google, Joe co-founded Kubernetes and served as its technical lead. He also started Google Compute Engine, Google's cloud VM service. Prior to moving into Google Cloud, Joe helped build Google Talk and, while at Microsoft, worked on Internet Explorer during the browser wars (Don't hate him! It makes for good discussions over drinks).
He lives in Seattle with his physician wife, Rachel; 2 kids; and Willie the wonder dog.
We are doing important, interesting work at Stacklok, but topmost is the way we treat each other like human beings should. Sometimes, a list of ‘core values’ is entirely aspirational. Here at Stacklok it is a statement of fact.
I was interested in supply chain security before joining, and I believe that we can make a difference in making software safer at Stacklok. Another reason I love working here is because we stay true to our culture. We’re unlike other startups that have a ‘work hard, burn fast’ attitude … we encourage respect, professionalism, and healthy boundaries.
I joined Stacklok because I really believe in our innovative approach to security management. Working with colleagues that I trust, admire, and share the same work ethic made a difference. I love being part of a dynamic environment and working on an amazing project from the beginning.