Chainguard CEO Dan Lorenc On Securing Open Source & Resisting the Urge to Reinvent Enterprise Sales

“Innovate on your product, not your go-to-market motion.”

April 30, 2025

After investing in Chainguard’s $356M Series D, Salesforce Ventures Managing Director Nowi Kallen talked to CEO Dan Lorenc about why he’s building the secure source for open source, what he’s learned from raising capital, and lessons for fellow entrepreneurs. The following is a transcript of their conversation, lightly edited for clarity and style.

Nowi Kallen: What inspired you to start Chainguard?

Dan Lorenc: Chainguard was founded on a deeply personal belief that there’s a better way to build software. I spent a large part of my career working in open source. Open source is amazing – it has enabled unprecedented innovation, velocity, and reuse, and anyone on the internet can contribute. But not everyone on the internet has the best intentions. 

While I was working on Minikube at Google, I realized I could easily slip malware into open source software undetected. It would take a developer weeks or even months to identify, patch, and update the vulnerabilities. Securing the software supply chain by rebuilding open source daily was a massive problem to solve, and one that most people I talked to thought was impossible.

We founded Chainguard in late 2021 in the aftermath of the SolarWinds attack, which showed how fragile and opaque the software supply chain can be. My co-founders and I had seen and experienced this firsthand, so we set out to build software better. We saw early validation from organizations that were struggling with software provenance and vulnerability management. Since then, we’ve built a growing catalog of secure, minimal container images and hardened build systems that companies like ANZ Bank, Snowflake, HPE, and Canva use in production.

Nowi Kallen: How would you describe Chainguard’s mission today?

Dan Lorenc: Our mission is to be the safe source for open source. Early on, we focused on giving developers the tools to verify what they were building and deploying. Over time, our vision has expanded into helping organizations build a secure-by-default software ecosystem – enabling proactive security across the entire software development lifecycle.

Nowi Kallen: What makes your team the right one to accomplish this mission?

Dan Lorenc: Our leadership team is made up of veterans from some of the most important open source and infrastructure projects of the past decade. Collectively with Matt, Kim, and Ville, we’ve created or contributed to some of the most widely adopted open source projects in software supply chain security, such as Kubernetes, Knative, Sigstore, and SLSA. We’ve all experienced the pain of insecure systems at scale, so our mission isn’t just words on a website, it’s personal to all of us.

Nowi Kallen: Tell me about your Series D. Why was Chainguard seeking a new round of funding, and why did you decide to partner with Salesforce Ventures? 

Dan Lorenc: We were looking for strategic partners who understand the supply chain security landscape and could help us scale in the right way. Salesforce Ventures stood out because of your understanding of the space and ability to help us scale our go-to-market function. Your team’s deep, long-term relationships with key decision-makers at thousands of businesses worldwide are unmatched. We look forward to making more connections across that network as we bring supply chain security to organizations around the world.

Nowi Kallen: What’s the best piece of advice you’ve ever received as a founder?

Dan Lorenc: Another investor of ours likes to say that a big portion of his job advising seed companies with technical founders is to try to stop them from reinventing the enterprise sales process from first principles. If you truly had a way to change how enterprise sales works, that by itself would likely be a trillion-dollar company. Innovate on your product, not your go-to-market motion.

Nowi Kallen: If you were starting Chainguard from scratch today, what would you do differently?

Dan Lorenc: I probably would have started 12 months earlier. Much earlier than that would have been too early, but the second best time was when we started it!

Nowi Kallen: What’s something you’ve changed your mind about since starting the business?

Dan Lorenc: Early on, we walked away from our initial idea and product. It’s the kind of move that can make some investors nervous — but for us, it was about conviction. We trusted our instincts and customer feedback, and that’s what led us to bet on Containers.

Nowi Kallen: What’s the most controversial opinion you have about building a business?

Dan Lorenc: Chainguard is a 350-person strong remote-only company. My contrarian take is that being a remote company is easy — we have access to a global talent pool, less overhead, no commutes, etc. What makes it hard is growth and making sure people have opportunities to stay connected with each other, our culture, and our values.   

Nowi Kallen: What’s a question you wish people would ask you, but don’t?

Dan Lorenc: “What’s broken in open source software that no one talks about?” The answer is: we still rely too much on scanning for problems instead of preventing them in the first place. 

Nowi Kallen: What lessons have you learned from raising capital from VCs?

Dan Lorenc: Every round is about more than the money. It’s a chance to level up your business, evaluate your roadmap, and double down on what matters most. Choose partners who push you to grow, not just scale.

Nowi Kallen: What excites you about the future of Chainguard?

Dan Lorenc: Our mission is to be the safe source for open source. We started at the end of the supply chain with Chainguard Containers, our zero-CVE container images that have a reduced attack surface, start and stay at zero CVEs, and come with transparent provenance. Recently, we introduced Chainguard VMs, zero-CVE virtual machine images built entirely from source, and Chainguard Libraries, a catalog of guarded language libraries for Java built securely from source on SLSA L2 infrastructure. These innovations bring the same security-first approach up and down the modern software stack. 

With our customers and partners, we’re showing that security and innovation don’t have to be at odds. Our vision for the future is a world where developers don’t have to think about security as an afterthought – it’s simply built into the open source software they use every day. We’re not just building and selling a product. We’re fundamentally changing how software is built and deployed. The next phase for Chainguard is about expanding that movement and becoming the safe source for all open source. 
