
Stacklok
Stacklok is a company dedicated to making open source software safer by developing tools and approaches that address software supply chain security.
Description
Stacklok is a company dedicated to enhancing open-source software security. Their mission is to empower developers and open-source communities with tools and resources to build and consume safer software. They offer two free-to-use products: Trusty, which helps developers make safer dependency choices by assessing package risk factors like author and repository activity, and Minder, an open-source platform for automating and enforcing security practices such as artifact signing and verification across multiple repositories. Stacklok's founders are veterans of the open-source community, having created and maintained projects like Kubernetes and Sigstore, which informs their commitment to a community-driven approach to software security.
Stacklok's approach is unique in that they focus on a holistic assessment of open-source software beyond traditional vulnerability scanning. They incorporate elements like source-of-origin verification, author reputation, and project activity into their risk evaluation. Their tools are designed to integrate seamlessly with developer workflows, making it easy to adopt and enforce security best practices. By fostering a safer open-source ecosystem, Stacklok aims to bolster trust in software development and promote sustainable innovation.
Flexibility
Stacklok offers flexible work arrangements, with positions available both remotely and in-office. This allows employees to choose the work environment that best suits their needs, with the option of working from home full-time or for part of the week.
Benefits
Stacklok offers a comprehensive benefits package designed to support its employees' well-being and career growth. They prioritize flexibility, offering fully remote and hybrid work options. They provide generous healthcare benefits including medical, dental, and vision plans with HSA options and coverage for dependents. Employees can take advantage of flexible time off, paid parental leave, company equity, and dedicated company holidays for rest and recovery. The company also hosts regular team offsites to foster in-person collaboration.
Mission
Stacklok is dedicated to enhancing the security of open-source software by providing developers and open-source communities with tools and approaches to detect and prevent supply chain attacks. Their mission is to make open-source software consumption safer by verifying the origin of code, assessing its maintainability, and proactively implementing best practices through their products, Trusty and Minder.
Culture
Stacklok promotes a culture that values open communication and collaboration, fostering a welcoming and respectful environment where everyone's ideas and backgrounds are appreciated. They prioritize work-life balance by offering flexible work arrangements, comprehensive benefits, and a commitment to treating each other like human beings. The company emphasizes a "work hard, but don't burn out" attitude, encouraging respect, professionalism, and healthy boundaries.
DE&I
Stacklok is committed to building a diverse, equitable, and inclusive workplace where everyone feels welcomed, respected, and valued. The company believes in the power of diverse perspectives and experiences to drive innovation and make open source software more secure. They actively work to create an environment where all team members have equal opportunities to succeed, regardless of their background, identity, or beliefs.
