About Us

We're passionate about making open source software safer.

At Stacklok, we believe that the open source software supply chain represents one of the greatest technical treasures and sources of human innovation. We also see open source software as a tantalizing target for sophisticated hostile actors. Malware injection into the open source software supply chain is the most significant cyberthreat facing the software industry—and we want to help prevent it.

Our team's background is in creating, maintaining, and scaling open source systems, including Kubernetes and Sigstore. We're drawing on our expertise in open source and security to give developers and open source communities better tools to secure their software and manage external dependency risk.

Our Story

The origin of Stacklok began with the idea that signing and verifying software can and should be dramatically simpler. Consuming software from an unknown origin represents a huge security risk—and yet the majority of open source software isn't signed today, likely because the practice of doing so has been historically cumbersome.

Stacklok CTO Luke Hinds founded the open source project Sigstore in 2020 as a way to make this process easier. Sigstore provides free certificates and tools to automate and verify signatures of source code, and makes those certificates visible, discoverable, and auditable.

In the light of Executive Order 14028, it's clear that enterprise developers and open source communities will start to be held to stricter standards for supply chain security—beyond just signing their source code. And yet developers and communities still don't have many freely accessible tools to help them build safer software, and accurately evaluate dependency safety.

Enter Stacklok. We're building free-to-use products to help developers make better assessments about the dependencies they're using, and clear assertions about the security of the software they're building.

Our mission

Stacklok’s mission is to make it easier to securely develop software. We help developers better understand how their practices and choices impact the security of the software they produce, and we enable companies to implement and insist on practices that lead to safer software delivery and better production security posture.

Our Virtues

We stand
together

We seek out the strengths in ourselves and one another and rely on those strengths to balance our mutual shortcomings.

We are moved
by our work

We believe that the good work we do has the potential to make the world a fundamentally safer place for our loved ones.

We are humble
but relentless

When we succeed we look out and see the contributions of others.

We find
truth in data

We are curious by nature and believe in the power of experimentation and incremental improvement.

Our Team

Stacklok’s leaders have spent their careers conceiving, building and supporting open source projects and communities.

Craig McLuckie

Co-Founder & CEO

Luke Hinds

Co-Founder & CTO

Shanis Windland

Chief Operating Officer

Eryn Muetzel

VP Of Product

Brian Dussault

Director of Engineering

Pankaj Telang

Principal Engineer, Data Science & ML

Evan Anderson

Principal Software Engineer

Megan Bruce

Director of Product Marketing

Gabe Diaz

Director of Recruiting

Our Advisors

Amol Kulkarni

Former Chief Product and Engineering Officer, CrowdStrike

Joe Beda

Co-Creator, Kubernetes

Join Our Team

Life at Stacklok

We are doing important, interesting work at Stacklok, but topmost is the way we treat each other like human beings should. Sometimes, a list of ‘core values’ is entirely aspirational. Here at Stacklok it is a statement of fact.

Nigel

Software Engineer

I was interested in supply chain security before joining, and I believe that we can make a difference in making software safer at Stacklok. Another reason I love working here is because we stay true to our culture. We’re unlike other startups that have a ‘work hard, burn fast’ attitude … we encourage respect, professionalism, and healthy boundaries.

Ozz

Software Engineer

I joined Stacklok because I really believe in our innovative approach to security management. Working with colleagues that I trust, admire, and share the same work ethic made a difference. I love being part of a dynamic environment and working on an amazing project from the beginning.

Yolanda

Software Engineer

Resources

Featured Content

Driving safe and sustainable open source consumption with two new Stacklok capabilities

Announcing the Proof-of-Diligence (PoD) algorithm: A method of modeling trust and maintainability in open source ecosystems

Software Supply Chain Security (S3C) Weekly

For Developers

Find and evaluate open source packages

For Open Source Communitites

Secure and govern software projects

For Developers

Find and evaluate open source packages

For Open Source Communitites

Secure and govern software projects

About Us

We're passionate about making open source software safer.

Our Story

Our mission

Our Virtues

We stand together

We are moved by our work

We are humble but relentless

We find truth in data