Endor Labs
- 04/08/2023
- Series A
- $70,000,000
80% of code in modern applications is code your developers didn’t write, but “borrowed” from the internet. With over 3M Open Source Software (OSS) projects, 43M versions, and 3.1T downloads yearly, development teams can gain tremendous benefits from leveraging the OSS ecosystem, as long as organizations invest in the tooling to address the security, scalability and sustainability challenges that come with it.
At Endor Labs, we've created the first open source dependency lifecycle management platform to help OSS consumers select, secure and maintain dependencies effectively.
- Industry: Software Development
- Website https://www.endorlabs.com/
- LinkedIn https://www.linkedin.com/company/endorlabs/about/
Related People
Varun Badhwar, Founder
“Our latest scan found 39,205 CVEs,” your head of AppSec says.
“Where do we even start?” asks your engineering lead.
Your anxiety rises as you think about the endless meetings, arguments, and email exchanges that will inevitably follow.
But open source security problems aren’t going away any time soon. Did you know only 12% of the open source code your developers import is actually used in your applications?
So what you need to do, and badly, is prioritize these findings. Software composition analysis (SCA) tools generate a ton of noise, and interpreting their output takes expertise and time, both of which are expensive.
To protect your company without shutting down your business operations, you need a strategy:
1. Find the signal in the noise. At most 10% of vulnerabilities in open source libraries are exploitable in any given app, but security scanners are deafeningly loud. Understanding the interaction between first-party (your proprietary) and third-party (open source) code, in particular whether the vulnerable function is ever reached from your code, is key to determining whether an attacker can exploit a bug.
2. Identify the top risks. Incidents like the Log4Shell disclosure have shown how bad a single vulnerability can be. Even worse, there are huge amounts of malicious code in circulation. Identifying and mitigating the most pressing issues will help you stay out of the headlines and get back to business.
3. Trim your dependency trees, safely. Technical debt is a fact of life and accumulates steadily. Removing old libraries from your code can reduce your attack surface. But it can also crash your application. Having a comprehensive call graph, though, can show you where you can apply the scalpel for maximum effect. You can’t hack code that doesn’t exist, so identifying and cutting the fat is an important step.
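Steps 1 and 3 both come down to the same question: which third-party functions are actually reachable from your own entry points, and which imports are dead weight. The following is an added example illustrating that idea on the first-party side only; it is not Endor Labs' product code. It builds a static call graph from a small constructed Python module with Python's `ast` module, walks it from `main`, and reports which vulnerable library functions are reachable (with the call path), which are not, and which imports can be cut. The module names `yamlish`, `imgtool` and `netlib` and the vulnerability labels are made up for the example. It ignores dynamic dispatch, `getattr`, monkey-patching and, crucially, the libraries' own internal call graphs, which a real reachability analysis must include.

```python
"""Toy call-graph reachability analysis (added example, not Endor Labs code)."""
import ast
from collections import deque

# Constructed first-party module for the example. Module names are hypothetical.
APP_SOURCE = '''
import yamlish
import imgtool
import netlib

def load_config(text):
    return yamlish.safe_load(text)

def fetch(cfg):
    return netlib.get(cfg)

def unused_helper(data):
    return yamlish.full_load(data)

def main():
    cfg = load_config("a: 1")
    fetch(cfg)
'''

# Constructed "advisory" data: library function -> finding. Not real CVEs.
VULNERABLE_FUNCTIONS = {
    "yamlish.full_load": "EXAMPLE-001: unsafe deserialization",
    "imgtool.resize": "EXAMPLE-002: memory corruption in image decoder",
    "netlib.get": "EXAMPLE-003: request forgery via unvalidated URL",
}


def _callee_name(node):
    """Return 'func' for a bare call or 'mod.func' for a module attribute call."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute) and isinstance(node.value, ast.Name):
        return f"{node.value.id}.{node.attr}"
    return None  # anything more dynamic is out of scope for this toy


def build_call_graph(source):
    """Map each top-level function to the set of callees it references."""
    tree = ast.parse(source)
    imported = {alias.asname or alias.name
                for node in tree.body if isinstance(node, ast.Import)
                for alias in node.names}
    graph = {}
    for func in tree.body:
        if isinstance(func, ast.FunctionDef):
            graph[func.name] = {
                name for call in ast.walk(func) if isinstance(call, ast.Call)
                if (name := _callee_name(call.func))
            }
    return graph, imported


def reachable_from(graph, entry):
    """BFS from the entry point; returns {node: parent} for every reached node."""
    parents = {entry: None}
    queue = deque([entry])
    while queue:
        name = queue.popleft()
        for callee in sorted(graph.get(name, ())):
            if callee not in parents:
                parents[callee] = name
                queue.append(callee)
    return parents


def call_path(parents, target):
    """Reconstruct entry -> ... -> target from the BFS parent map."""
    path = []
    while target is not None:
        path.append(target)
        target = parents[target]
    return path[::-1]


def triage(source, entry="main"):
    graph, imported = build_call_graph(source)
    parents = reachable_from(graph, entry)
    used_modules = {n.split(".")[0] for n in parents if "." in n}
    return {
        # Step 1: only vulnerable functions on a path from the entry point matter.
        "reachable_vulns": {f: call_path(parents, f)
                            for f in VULNERABLE_FUNCTIONS if f in parents},
        "unreachable_vulns": sorted(f for f in VULNERABLE_FUNCTIONS if f not in parents),
        # Step 3: imports and first-party functions that no reachable code uses.
        "unused_imports": sorted(imported - used_modules),
        "dead_functions": sorted(f for f in graph if f not in parents),
    }


if __name__ == "__main__":
    for key, value in triage(APP_SOURCE).items():
        print(f"{key}: {value}")
```

On the constructed module this flags `netlib.get` as reachable via `main -> fetch -> netlib.get`, leaves `yamlish.full_load` and `imgtool.resize` as unreachable (the former is only called from dead code), and names `imgtool` as an import that can be removed and `unused_helper` as a function nothing calls. Note the asymmetry a practitioner should keep in mind: "reachable" here is a sound upper bound only for the calls this simple analysis sees, so an unreachable verdict is only as trustworthy as the graph is complete.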
I launched Endor Labs to help enterprises automate this type of detailed analysis so they can mitigate open source security and operational risks.
After building RedLock from scratch, selling it to Palo Alto Networks within 3 years from inception, and then creating the Prisma Cloud product from 0 to a $300M ARR business in 3 years, I know exactly how to tackle these types of problems.
Want to learn more about how we can help?
Head to https://www.endorlabs.com/