Endor Labs launches with $25M to secure open-source code … – SiliconANGLE News

Posted under Programming, Technology On By James Steward

UPDATED 12:50 EST / OCTOBER 10 2022
by Kyt Dotson
Endor Labs, a software management platform that helps developers deal with software code dependencies, launched out of stealth mode today with $25 million in seed funding to help enterprise developers secure open-source software supply chains.
Code is fundamental to security. Often, when a headline comes out about an exploit or a vulnerability, the underlying problem is flawed code that a hacker or a bot took advantage of to gain access to an internal system.
Not all vulnerabilities are caused by a developer adding a bug in a new piece of code. They can also exist in an open-source library that the app depends on for cryptography, networking or some other seemingly mundane need in its supply chain. These libraries are called “dependencies.” They can go multiple tiers deep, and finding or mitigating the vulnerabilities in them can be difficult and complex.
That’s where Endor Labs’ newly launched Dependency Lifecycle Management Platform comes in: it is designed to make developers’ lives easier. It performs deep analytics on every dependency to help developers monitor and maintain code dependencies at large scale and make better decisions.
“Our mission at Endor Labs is to help developers spend less time dealing with security issues and more time accelerating their development through safe code reuse,” Endor Chief Executive Varun Badhwar said in the announcement. “With Endor Labs, development and security teams are able to maximize software reuse by safely evaluating, maintaining, and updating dependencies at scale.”
According to Endor, the average enterprise has more than 40,000 open-source dependencies and each of those brings in on average 77 more, creating a massive sprawl of open-source projects to keep track of. That slows down project management because each of these libraries and projects needs to be examined for its risks, updated and scanned for its vulnerabilities.
With a full understanding of the dependency graph, enterprise development teams can respond quickly to incidents such as Log4j, and head them off before they happen, by updating dependencies swiftly. “Endor Labs achieves this by going beyond the traditional methods of metadata and vulnerability scanning, and using program analysis and call graphs to gain a deep understanding of how dependencies are being used across the organization,” said Badhwar.
Lightspeed Venture Partners and Dell Technologies Capital participated in the seed round along with more than 30 notable individual business investors including Palo Alto Networks Inc. CEO Nikesh Arora, Zscaler Inc. CEO Jay Chaudhry, Zoom Video Communications Inc. Chief Operating Officer Aparna Bawa and former Atlassian Corp. plc Chief Technology Officer Sri Viswanathan.
“Endor Labs serves a critical need — while open-source software development continues to grow, the way OSS dependencies and their influence on supply chain risk is managed today hinders development, and leaves both engineering and security teams frustrated,” said Arif Janmohamed, partner at Lightspeed Venture Partners.
Over the past year, Endor began working with over 75 major organizations with between 200 and 35,000 employees to incorporate its platform in private beta and provide feedback. Now that the company is publicly launched, it’s inviting more people to join the beta by coming to the Endor Labs website.