Despite all the talk about shifting left and securing the software supply chain, many organizations are still wrestling with the basics—namely, hardening the container images and open source components they rely on every day. In this conversation, Ryan Carlson breaks down why that’s still such a challenge and what it really takes to turn visibility into action. The old model of relying on developers to spot and patch vulnerabilities on their own is not only inefficient—it’s unsustainable.
Carlson emphasizes that true security starts with removing as many known vulnerabilities as possible before software ever reaches production. Just as importantly, that process shouldn’t slow down development. The goal is to give engineering teams hardened images carrying as few known CVEs as possible without asking them to overhaul the tools or workflows they already use. That means securing not just base containers but everything from language libraries to AI application stacks, and even letting teams extend hardened images without undoing the hardening.
One of the big takeaways? Organizations don’t need to choose between speed and security. When you start from a secure foundation, you reduce toil, improve productivity, and make it harder for adversaries to exploit common weaknesses. In a world where attackers are scanning and exploiting vulnerabilities within minutes, waiting to address software security later just doesn’t cut it.
This isn’t about buzzwords or silver bullets—it’s about being practical. Start with your most widely used or painful images. Visualize your CVE reduction. Make the secure path the easy one. Because hoping vulnerabilities won’t be exploited is not a strategy.
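To make the three practical steps above concrete (start with your most widely used or painful images, visualize CVE reduction, and let teams extend a hardened image without undoing it), here is a small added example. It is not code from the page, from Carlson, or from any vendor tool. It assumes a constructed, scanner-neutral report shape (`image` plus a list of `findings` with `id`, `package`, `severity`, `fixed_version`), uses placeholder identifiers such as `CVE-EXAMPLE-1` and `libfoo` that are not real CVEs or packages, and picks arbitrary severity weights and a default blocking threshold of `high`; adjust those to your own scanner's output and risk policy.

```python
"""Turn scan output into a CVE-reduction view and a gate for extended images.

Added example, not from the page or any vendor tool. The report shape and every
CVE id, package and image name below are constructed placeholders for illustration.
"""

# Severity buckets, most to least urgent. "unknown" stays its own bucket so a
# scanner that cannot rate a finding does not silently drop it into "low".
SEVERITIES = ("critical", "high", "medium", "low", "unknown")
# Arbitrary weights assumed for ranking; tune to your own risk policy.
SEVERITY_WEIGHT = {"critical": 10, "high": 5, "medium": 2, "low": 1, "unknown": 2}


def parse_report(report):
    """Flatten a report into {(cve_id, package): {"severity", "fix_available"}}.

    Assumed (constructed) report shape, scanner-neutral:
      {"image": str, "findings": [{"id", "package", "severity", "fixed_version"}]}
    Keying on (cve, package) keeps one CVE that hits two packages as two findings.
    """
    flat = {}
    for f in report["findings"]:
        sev = str(f.get("severity", "unknown")).lower()
        if sev not in SEVERITIES:
            sev = "unknown"
        flat[(f["id"], f["package"])] = {
            "severity": sev,
            "fix_available": bool(f.get("fixed_version")),
        }
    return flat


def compare_reports(before, after):
    """Per-severity before/after counts and percent reduction, plus the exact
    findings removed and introduced, so the trend can be charted per image."""
    b, a = parse_report(before), parse_report(after)
    summary = {}
    for sev in SEVERITIES:
        nb = sum(1 for v in b.values() if v["severity"] == sev)
        na = sum(1 for v in a.values() if v["severity"] == sev)
        pct = round(100.0 * (nb - na) / nb, 1) if nb else 0.0
        summary[sev] = {"before": nb, "after": na, "reduction_pct": pct}
    summary["removed"] = sorted(set(b) - set(a))
    summary["introduced"] = sorted(set(a) - set(b))
    return summary


def gate_extension(hardened, extended, block_at="high"):
    """Check that a team's extension of a hardened image did not undo the hardening.

    Returns (ok, offending): findings present in the extended image but absent from
    the hardened base, at or above `block_at` severity and with a fix available.
    Unfixed findings are left for reporting rather than blocking, so the gate only
    fails on something the team can actually act on.
    """
    base, ext = parse_report(hardened), parse_report(extended)
    limit = SEVERITIES.index(block_at)
    offending = sorted(
        key for key, v in ext.items()
        if key not in base
        and SEVERITIES.index(v["severity"]) <= limit
        and v["fix_available"]
    )
    return (not offending, offending)


def prioritize(inventory):
    """Rank images to harden first: severity-weighted findings times how widely
    the image is deployed. inventory: [{"report": report, "deployments": int}]."""
    ranked = []
    for entry in inventory:
        pain = sum(SEVERITY_WEIGHT[v["severity"]]
                   for v in parse_report(entry["report"]).values())
        ranked.append((entry["report"]["image"], pain * entry["deployments"]))
    return sorted(ranked, key=lambda r: r[1], reverse=True)


# Constructed sample reports (placeholder ids, not real CVEs or packages).
BASELINE = {"image": "example-app:base", "findings": [
    {"id": "CVE-EXAMPLE-1", "package": "libfoo", "severity": "CRITICAL", "fixed_version": "1.2"},
    {"id": "CVE-EXAMPLE-2", "package": "libbar", "severity": "HIGH", "fixed_version": "3.0"},
    {"id": "CVE-EXAMPLE-3", "package": "libbaz", "severity": "MEDIUM", "fixed_version": None},
    {"id": "CVE-EXAMPLE-4", "package": "shell-utils", "severity": "LOW", "fixed_version": "5.1"},
]}
# The hardened build drops everything that has a fix; the unfixed medium stays.
HARDENED = {"image": "example-app:hardened", "findings": [BASELINE["findings"][2]]}
# A team layers an extra library onto the hardened image, bringing a fixable HIGH.
EXTENDED = {"image": "example-app:hardened-team", "findings": HARDENED["findings"] + [
    {"id": "CVE-EXAMPLE-5", "package": "libextra", "severity": "high", "fixed_version": "2.4"},
]}
BATCH = {"image": "example-batch:base", "findings": [
    {"id": "CVE-EXAMPLE-6", "package": "libqux", "severity": "CRITICAL", "fixed_version": "0.9"},
    {"id": "CVE-EXAMPLE-7", "package": "libqux", "severity": "HIGH", "fixed_version": "0.9"},
]}

if __name__ == "__main__":
    for sev, row in compare_reports(BASELINE, HARDENED).items():
        if sev in SEVERITIES:
            print(f"{sev:9} {row['before']:>3} -> {row['after']:>3}  ({row['reduction_pct']}% fewer)")
    print("gate:", gate_extension(HARDENED, EXTENDED))
    print("order:", prioritize([{"report": BASELINE, "deployments": 40},
                                {"report": BATCH, "deployments": 3}]))
```

Two design points worth noting. The gate only blocks findings that are new relative to the hardened base and that have a fix available, so a team is never failed for a CVE the base already carries or for one nobody can patch yet; those still show up in the comparison output, which is what you chart to show the reduction over time. The ranking multiplies severity-weighted findings by deployment count, which is one way to express "most widely used or painful": in the sample data the app base image wins even though the batch image has a higher share of critical findings, because it runs in far more places.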