Trusty provides a free-to-use service with scoring and metrics about a package’s repo and author activity.
At Stacklok, we believe that the open source software supply chain represents one of the greatest technical treasures and sources of human innovation. We also see open source software as a tantalizing target for sophisticated hostile actors. Malware injection into the open source software supply chain is the most significant cyberthreat facing the software industry—and we want to help prevent it.
Our team's background is in creating, maintaining, and scaling open source systems, including Kubernetes and Sigstore. We're drawing on our expertise in open source and security to give developers and open source communities better tools to secure their software and manage external dependency risk.
The origin of Stacklok began with the idea that signing and verifying software can and should be dramatically simpler. Consuming software from an unknown origin represents a huge security risk—and yet the majority of open source software isn't signed today, likely because the practice of doing so has been historically cumbersome.
Stacklok CTO Luke Hinds founded the open source project Sigstore in 2020 as a way to make this process easier. Sigstore provides free certificates and tools to automate and verify signatures of source code, and makes those certificates visible, discoverable, and auditable.
In the light of Executive Order 14028, it's clear that enterprise developers and open source communities will start to be held to stricter standards for supply chain security—beyond just signing their source code. And yet developers and communities still don't have many freely accessible tools to help them build safer software, and accurately evaluate dependency safety.
Enter Stacklok. We're building free-to-use products to help developers make better assessments about the dependencies they're using, and clear assertions about the security of the software they're building.
Stacklok’s mission is to make it easier to securely develop software. We help developers better understand how their practices and choices impact the security of the software they produce, and we enable companies to implement and insist on practices that lead to safer software delivery and better production security posture.
We seek out the strengths in ourselves and one another and rely on those strengths to balance our mutual shortcomings.
We believe that the good work we do has the potential to make the world a fundamentally safer place for our loved ones.
When we succeed we look out and see the contributions of others.
We are curious by nature and believe in the power of experimentation and incremental improvement.
Stacklok’s leaders have spent their careers conceiving, building and supporting open source projects and communities.
Co-Founder & CEO
Craig McLuckie, CEO of Stacklok, is an experienced startup founder and leader in the open source ecosystem and cloud computing. Prior to Stacklok, Craig was the founder and CEO of Heptio, an Accel and Madrona Portfolio Company. After the acquisition of Heptio by VMware for $500 million, he served as VP R&D at VMware for 3.5 years, where he managed a team of over 1,500 engineers and supported the growth of the Tanzu business from ~$50M to close to $1B through organic and inorganic growth (acquisition). He participated in shaping VMware’s overall strategy around cloud native apps, which will likely remain a significant area of focus, even given the Broadcom acquisition announcement. He sponsored key innovation efforts like Tanzu Application Platform, a logical successor to Pivotal Cloud Foundry, and managed the Spring engineering team, amongst other developer-focused efforts.
Prior to Heptio, Craig was a product management leader at Google, where he co-founded Kubernetes, a highly successful open source project that is used or being evaluated by 96% of organizations, according to a recent survey. Craig also bootstrapped and chaired the Cloud Native Computing Foundation, an open source, vendor-neutral hub and host for multiple cloud native open source projects. Additionally, during his time at Google, Craig and Heptio co-founder Joe Beda created and drove the delivery of Google Compute Engine, which emerged as the anchor for Google’s cloud strategy.
Co-Founder & CTO
Luke is a highly regarded and industry-recognized open source security leader and a former Distinguished Engineer from the Red Hat CTO office. While at Red Hat, Luke led a security engineering team in the Office of the CTO, where open source projects such as enarx and keylime were built.
In 2020, Luke founded Sigstore, an open source project that dramatically simplifies the process of digitally signing and checking software components, for a safer chain-of-custody tracing software back to the source. He currently acts as the chair of Sigstore’s technical steering committee. He is among the founding members of OpenSSF, a cross-industry organization that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. He currently serves as an OpenSSF Governing Board Member and previously served in a community-elected position on the Technical Advisory Council. Luke also manages the vulnerability bug bounty program for Kubernetes. He is a board member of the Confidential Computing Consortium.
Luke is widely considered an authority on open source supply chain security and is often invited to speak at events including the RSA Conference and Kubecon / CloudNativeCon.
Chief Operating Officer
Shanis Windland, COO of Stacklok, is an experienced Operations and Finance executive. Prior to Stacklok, Shanis led HR in many capacities at VMware. Prior to joining VMware, she was the CFO of Heptio, an Accel- and Madrona-backed company that was acquired by VMware for $500 million. She serves on the board of Starform and Northwest Harvest.
Shanis served as VP Human Resources at VMware for 5 years, where she started as the Global Head of Diversity, Equity and Inclusion. During her time at VMware she also led Talent Acquisition, Global Compensation, Benefits and HR Services. In each capacity, she consistently drove impactful transformations, optimized processes and served as a connector of the people functions with the broader organization.
In her final role at VMware, she was the lead for all things people as the company navigated and completed the Broadcom acquisition of VMware. She has a proven history of leveraging her combined expertise in finance, business, and people to drive consistent business impact.
VP Of Product
Eryn is VP of Product Management at Stacklok, where she leads business and product efforts to enable developers and secure software supply chains using open source technologies. Eryn has spent the last nine years enabling enterprise adoption of Kubernetes and cloud native computing technologies during her time at VMware, Heptio, and Mesosphere.
Most recently at VMware, Eryn led platform product management for VMware’s Tanzu cloud native computing business. Eryn has a deep understanding of the challenges with shipping software securely and putting open source technologies into production systems.
Eryn is a Pacific Northwest native and can usually be found skiing down or hiking up mountains.
Director of Engineering
Brian Dussault is the Director of Engineering at Stacklok, where he is focused on securing the software supply chain.
Prior to joining Stacklok, he was a Senior Director of Engineering at VMware. At VMware, he led the popular open source Spring Framework, which is used and trusted by millions of Java developers around the world.
After spending the last 10 years operating an open source project at scale, he has developed a deep understanding and empathy for the software supply chain challenges faced by consumers and producers of open source software.
Principal Engineer, Data Science & ML
Pankaj has over 20 years of experience in the areas of AI, ML, computer vision, cybersecurity, and software development. Pankaj most recently worked as a Principal Staff Scientist for SAS, focused on cybersecurity and computer vision; he spent 8 years at SAS focusing on these areas. For cybersecurity, Pankaj developed ML algorithms for detecting suspicious user and device activities from network communications. For computer vision, he developed cloud-based image processing APIs and trained ML models for various use cases.
Prior to SAS, Pankaj worked at Cisco Systems for ~14 years as a software engineer and an architect in various areas, including B2B and cybersecurity. He received his PhD in Computer Science from NC State University.
Principal Software Engineer
Evan Anderson is a Principal Software Engineer at Stacklok, securing software supply chains using open source technologies.
He has been working in cloud for almost 20 years, starting at Google’s private cloud and then building Google Compute Engine and various serverless offerings, including Cloud Functions, Cloud Run, and Knative.
About 4 years ago, Evan joined VMware as a Senior Staff Engineer, working on Tanzu Application Platform until June 2023.
Director of Product Marketing
Megan is the Director of Product Marketing at Stacklok. Prior to Stacklok, she worked as a product manager at Google Cloud, providing go-to-market and user research support for Google Cloud's serverless orchestration products and helping to build fault injection tooling for developers.
Megan previously worked in both product marketing and product management leadership roles at VMware. She joined VMware after its acquisition of Heptio, and helped to establish the initial Tanzu platform brand, messaging, and enterprise go-to-market strategy. She also supported go-to-market and product management efforts for VMware Tanzu Mission Control, a Kubernetes cluster management platform.
Megan is a former co-chair of Open Seattle, a volunteer civic technology organization. She also co-founded the Civic User Testing Group with University of Washington associate professor Nic Weber to engage Seattle citizens in testing and providing feedback on local civic technology projects.
Director of Recruiting
Gabe is the Director of Recruiting at Stacklok, where he leads efforts focused on attracting and hiring exceptional talent that aligns with the mission and virtues of the company.
His career spans more than 15 years in recruiting, working across agency/search, startups, and large public & private companies. He's an entrepreneur and has held various recruiting leadership roles at notable software companies such as Pivotal Software and VMware, where he's led teams and collaborated with leading technologists, successfully placing top-tier talent across the globe.
Gabe is a native of South Florida and resides in Miami Beach, where you can usually find him on a golf course or spending time with his family.
Former Chief Product and Engineering Officer, CrowdStrike
Amol Kulkarni has over two decades of product and software engineering experience. Until August 2023, he was Chief Product and Engineering Officer of CrowdStrike, a global cybersecurity leader, and prior to that he served as the company’s Senior Vice President of Engineering and Products. Before joining CrowdStrike in 2014, Amol held various product and software leadership roles for 14 years at Microsoft.
Amol currently serves on the board of directors of the observability platform Dynatrace, as well as JumpCloud, a privately held company focused on managing and securing employee access to organizations’ systems. Amol received a Bachelor of Engineering degree from the University of Poona, a Master of Technology degree in Energy Systems Engineering from the Indian Institute of Technology, Bombay, and a Ph.D. in Electrical Engineering from the University of Washington.
Co-Creator, Kubernetes
Joe Beda was most recently a principal engineer at VMware, after the acquisition of Heptio, where he was CTO/Founder with Stacklok CEO Craig McLuckie.
During his previous 10-year career at Google, Joe co-founded Kubernetes and served as its technical lead. He also started Google Compute Engine, Google's cloud VM service. Prior to moving into Google Cloud, Joe helped build Google Talk and, while at Microsoft, worked on Internet Explorer during the browser wars (Don't hate him! It makes for good discussions over drinks).
He lives in Seattle with his physician wife, Rachel; 2 kids; and Willie the wonder dog.
We are doing important, interesting work at Stacklok, but topmost is the way we treat each other like human beings should. Sometimes, a list of ‘core values’ is entirely aspirational. Here at Stacklok it is a statement of fact.
I was interested in supply chain security before joining, and I believe that we can make a difference in making software safer at Stacklok. Another reason I love working here is because we stay true to our culture. We’re unlike other startups that have a ‘work hard, burn fast’ attitude … we encourage respect, professionalism, and healthy boundaries.
I joined Stacklok because I really believe in our innovative approach to security management. Working with colleagues that I trust, admire, and share the same work ethic made a difference. I love being part of a dynamic environment and working on an amazing project from the beginning.