Episode #29 - Endor Labs with Varun Badhwar
As it turns out, managing Open Source Software (OSS) dependencies is extremely difficult. Not all vulnerabilities are in runtime and/or reachable, not all exploits focus on high/critical CVSS, there is a time delay with patches when they are made available, and Semantic Versioning (SerVer) can make prioritization challenging when thinking through backward compatibility, upgrade paths, version pinning in supply chain, etc.
Though estimates vary based on source, some 80% of deployed code is now OSS with 95% of vulnerabilities taking place in transitive dependencies. What’s more, when looking at the Census II report approximately 50% of all packages tracked did NOT have a release in 2022. This is an intractable problem and a reason why Endor Labs started development back in 2021.
As they so eloquently state, “Software ages like milk, not like wine”.
In this podcast episode, Satbir and Darren explore the Software Composition Analysis (SCA) domain with Varun Badhwar, CEO/Founder of Endor Labs, regarding how to focus teams on the most relevant vulnerabilities associated with their OSS code and how many AppSec programs are starting to focus efforts in this area.
About Endor Labs
Endor Labs was started in 2021 by Varun Badhwar (CEO) and Dimitri Stiliadis (CTO), two serial entrepreneurs who were interested in safeguarding the reuse of Open Source Software (OSS). To date, they have raised $25M in seed funding to bring their dependency lifecycle management capability to market to address the growing use/exploitability of OSS. Endor Labs is looking to reduce the security noise inherent in many Software Composition Analysis (SCA) tools helping teams to better operationalize their code.
Please Reach Out
Please reach out and let us know what your own perspective is on this topic!
Satbir Sran - satbir@ink8r.com, (202)-431-0558
Darren Boyd - darren@ink8r.com, (408)-204-9779
