Stacklok was founded in 2023 by Craig McLuckie (co-creator of Kubernetes) and Luke Hinds (creator of the OpenSSF project Sigstore), with the goal of helping developers produce and consume open source software more safely.
As malicious attacks on open source software continue to grow in number and become more sophisticated (like the recent XZ Utils incident), governments and organizations are calling for increased security and protection against these attacks. Yet open source maintainers, who are often unpaid volunteers with other full-time jobs, lack the time to stay up to speed on security best practices and lack access to freely available tools that can proactively keep their software secure.
To help open source communities and developers produce and consume open source software more safely, Stacklok is harnessing the power of Sigstore, highlighted in this case study.