March 11, 2024

KubeCon + CloudNativeCon Europe 2024 Q&A: Chainguard Will Showcase Chainguard Images in Action

Written by

Ready for KubeCon + CloudNativeCon Europe 2024?  Attending the show?  Make sure to visit with Chainguard.

KubeCon + CloudNativeCon Europe takes place March 19-22, 2024 in Paris, France.

Read this exclusive interview between VMblog and Kaylin Trychon, VP of Marketing at Chainguard, a leading software supply chain security company.



VMblog:  If you were giving a KubeCon attendee a quick overview of the company, what would you say?  How would you describe the company?

Kaylin Trychon:  Chainguard is the safe source for open source. Our Chainguard Images solution offers a comprehensive approach to building software that is secure by default. We don't just tell you what is broken, we reduce your attack surface and eliminate classes of security vulnerabilities in the open source software you consume.

VMblog:  How can attendees of the event find you?  What do you have planned at your booth this year?  What type of things will attendees be able to do at your booth? 

Trychon:  Attendees can find us at booth #H28; we'll be the ones with the Chainguard octopus beanies, socks, stickers, playing cards and more. We're also giving away an Apple Vision Pro, so folks should definitely stop by to see how they can get their hands on it and take it home with them.

We're also participating in a Passport Program with other KubeCon EU sponsors in the cloud-native industry, so attendees are invited to come get their stamp and get the chance to win a Meta Quest 5, PlayStation Portable or Paris Lego set.

Of course, attendees can visit with our open source and software supply chain developer experts and check out live demos of our Chainguard Images. It's a pretty powerful experience to see Images in action! We'll also be talking about our first Chainguard Academy course, Painless Vulnerability Management, which gives you all the information you need to know about executing a robust vulnerability management program, best practices to reduce CVEs in software, and hands-on tutorials with Chainguard Images.

VMblog:  Have you sponsored KubeCon + CloudNativeCon in the past?  If so, what is it about this show that keeps you coming back as a sponsor?

Trychon:  Yes, KubeCon is an incredible event and important show for cloud native developers, who are trying to keep up on a variety of topics - including how to secure their containers and software supply chains. It's the perfect meeting place for these discussions.

VMblog:  Do you have any speaking sessions during the event?  If so, can you give us the details?

Trychon:  Yes, we're excited to be presenting and have four sessions folks should check out.

  • Falco: A Grand Promenade Through Cloud Native Runtime Security, Carlos Panato, staff software engineer - Wednesday, March 20 in Pavilion 7, Level 7.3 - W02-03
  • Planning for Maturity: Sig Release's Revamp for a More Stable Kubernetes, Carlos Panato, staff engineer - Wednesday, March 20 in Pavilion 7, Level 7.3 - E05-E06
  • Snyk Theater Session, Dustin Kirkland, VP of engineering - Thursday, March 21 at 11 am in the Snyk booth #J2
  • Building Container Images the Modern Way, Adrian Mouat, Staff DevRel/OSS engineer - Friday, March 22 at 11:55 am in Pavilion 7, Level 7.3 - S05
  • How I Met Your Software - An Image's Sitcom of Consuming and Securing Software in Cloud Native, Mritunjay Sharma, software engineer - Friday, March 22 at 2 pm in Pavilion 7, Level 7.3 - S02

VMblog:  What kind of message will an attendee hear from you this year?  What will they take back to help sell their management team and decision makers?

Trychon:  We all understand that open source has taken over the world of software development. But the largest trade-off still persists: security.

This includes all the Linux-based operating systems, all of the platform layers (like Kubernetes and Docker), all of the service management tools (like Istio, Prometheus, Vault, Terraform, etc.) and all the applications built on platforms like Go, Java, Python and Node.js, with backends in MySQL, Maria, Postgres. These amazing technologies enable developers to manage cloud-native applications at scale, but come with inherent risk.

Teams feel frozen because it's an existential threat to their business and the constant tax on the engineering team to patch holes feels too high. So companies end up spending an enormous amount of time and resources patching and fortifying open source software in order to ship with confidence and compliance.

That's why Chainguard has built the largest library of open source software that is secure by default. We eliminate these challenges by remediating CVEs in the open source software companies consume. The best part is that it doesn't require a lengthy implementation process. All developers need to do is switch where they get their software from. It doesn't just sound easy, it is easy.

VMblog:  Can you double click on your company's technologies?  And talk about the types of problems you solve for a KubeCon + CloudNativeCon attendee.

Trychon:  Chainguard's primary areas are container security, secure image delivery and software supply chain security:

  • Container Security: Developers don't have to shift left in the SDLC, they only start left with container images that are secure by default.
  • Vulnerability Remediation & Management: Developers and security professionals can offload vulnerability management with Chainguard's suite of hardened, minimal images.
  • Open Source Software Security: Our users consume software that is built, curated and secured by Chainguard. We give them detailed provenance data so they can easily answer any security audit question about the software in their stack.
  • Compliance & Risk Mitigation: Our users get images and packages with enterprise SLAs and FIPS-validation that help them address FedRAMP compliance to reduce time and effort.
  • Software Supply Chain Security: Our customers can build software secure from the start and keep it that way with features like cryptographic signatures, continuous verification and rapid updates, and SBOMs to stop supply chain attacks and ensure compliance.

VMblog:  While thinking about your company's solutions, can you give readers a few examples of how your offerings are unique?  What are your differentiators?  What sets you apart from the competition?

Trychon:  Chainguard Images are built with Wolfi, an open source community undistro developed by Chainguard, that was designed from the ground up to produce container images that meet the requirements of a secure software supply chain. We can repackage anything in our repository to be FIPS validated. Chainguard Images save 2,000 hours of annual staff time spent triaging CVE false positives and have 97.6% fewer vulnerabilities than industry alternatives.  

VMblog:  With regard to containers and Kubernetes, is there anything holding it back from a wider distribution?  If so, what is it?  And how do we overcome it?  

Trychon:  We've all experienced the complexities of Kubernetes adoption but, as is the case with any maturing technology, those complexities are being addressed by innovation across the ecosystem and largest tech industry. We believe the remaining barrier to adoption is the inherent security risks we mentioned. The good news is it's not a big leap to begin eliminating CVEs and building and shipping software with confidence. Chainguard is the safe source for open source and our Images can help speed and ease Kubernetes and any open source, cloud-native technology adoption.

VMblog:  The keynote stage will be covering a number of big topics, but what big changes or trends does your company see taking shape this year?

Trychon:  Obviously, AI is on the tip of everyone's tongue. We, along with many others, see an incredible opportunity here but our perspective is a bit different and really takes a big-picture view. What is happening today with Gen AI really echoes what happened when open source software took off. Everyone is racing to adopt and use this new technology to scale their work and become more effective and efficient - but they are overlooking the security of this new technology. It is untested in many ways and hasn't gone through the rigorous security review it should before countless orgs are deploying these new AI APIs into their production environments. We can learn our lesson this time around and adopt AI with a security-first mindset.

VMblog:  Is your company sponsoring any type of party or get together during the event that you'd like to notify attendees about?

Trychon:  Yes, of course! We love to have a good time and some of the best conversations happen at the parties. We'll be co-hosting again the OSS Security Soiree with partners Docker Scout, Snyk, and Sysdig on Tuesday, March 19 from 7-9 pm at the Courtyard Paris in Porte de Versailles. We'll also be at the CTRL+ALT+Tech-n-Roll event on Wednesday, March 20, and joining the Cloud Native Rejects as a supporting sponsor.

VMblog:  Do you have any advice for attendees of the show?

Trychon:  It's a really big event, one of the biggest open source events in the world, so make your priority list in advance. Make a list of the keynotes and sessions you want to make sure to attend and the 1:1s you've booked. Make time for those 1:1s, because that's where really interesting things happen. Take a crawl through the booths and don't forget the parties! Most of all, hydrate and take care of yourself. Rest when you need and come see us! We'll change your cloud-native journey!

David Marshall

David Marshall has been involved in the technology industry for over 19 years, and he's been working with virtualization software since 1999. He was able to become an industry expert in virtualization by becoming a pioneer in that field - one of the few people in the industry allowed to work with Alpha stage server virtualization software from industry leaders: VMware (ESX Server), Connectix and Microsoft (Virtual Server).

Through the years, he has invented, marketed and helped launch a number of successful virtualization software companies and products. David holds a BS degree in Finance, an Information Technology Certification, and a number of vendor certifications from Microsoft, CompTia and others. He's also co-authored two published books: "VMware ESX Essentials in the Virtual Data Center" and "Advanced Server Virtualization: VMware and Microsoft Platforms in the Virtual Data Center" and acted as technical editor for two popular Virtualization "For Dummies" books. With his remaining spare time, David founded and operates one of the oldest independent virtualization news blogs, VMblog.com. And co-founded CloudCow.com, a publication dedicated to Cloud Computing. Starting in 2009 and continuing all the way to 2016, David has been honored with the vExpert distinction by VMware for his virtualization evangelism.
