CyberSecurity SEE

Endor Labs Emphasizes Reachability in their Work

Endor Labs, a cybersecurity company, is prioritizing risk across open source software, CI/CD pipelines, and secrets to help organizations mitigate vulnerabilities. With the Log4j vulnerability shedding light on the importance of open source code, Endor’s approach of dependency lifecycle management aims to calculate an overall risk score that enables companies to set effective security policies.

According to Thuy Nguyen, Endor Labs’ director of demand generation, 90% of code in modern applications is open source, and 95% of vulnerabilities are found in transitive dependencies. This means that security teams often struggle with prioritizing the right risks for engineering teams to address. Endor aims to address this challenge by emphasizing how a dependency is used within the organization rather than solely focusing on the severity of a vulnerability.

Endor’s unique approach is called reachability analysis. By creating a comprehensive inventory of software and tracing every path to a vulnerability, the company can identify which vulnerabilities need immediate attention and which can be addressed later. Users can utilize DroidGPT, a chatbot now in beta, to query the Endor Labs platform and identify alternative open source packages that are less vulnerable.

One aspect that sets Endor apart is its team of specialists. With a third of the company’s R&D team holding doctorates, they bring a high level of expertise to their work. Nguyen highlights their decision to tackle one problem at a time, ensuring it is solved in the most effective way possible. Their initial focus is on open source dependencies, with plans to expand into prioritized secret scanning and supply chain management/configuration posture management.

Endor Labs recently made it to the finals of the Black Hat Startup Spotlight, along with three other companies. This recognition highlights the company’s innovative approach to cybersecurity. The finalists will present their business models to a panel of judges at the Mandalay Bay in Las Vegas. Dark Reading’s editor-in-chief, Kelly Jackson Higgins, will host the awards ceremony.

For those attending the Black Hat conference, Endor Labs is offering a platform demo at their booth, along with a cute mascot and Star Wars-inspired keychain/bottle-openers. They also have an event planned at the Topgolf driving range and sports bar. The company’s name, “Endor,” is inspired by the forest moon in the Star Wars universe where Ewoks live. Even their security research team is named “Station 9” after a research station on Endor.

As of now, Endor Labs has raised $25 million in seed funding and has 50 employees. If the company were a band, they would name themselves “The Ewoks” and play futuristic synth-rock. And when it comes to the controversial question of pineapple on pizza, the company is evenly split, but the marketing team has decided to be in favor of it.

Overall, Endor Labs’ reachability analysis approach and focus on prioritizing risk in open source software aim to address the challenges faced by organizations in identifying and mitigating vulnerabilities effectively. With their innovative methods and expert team, they are making strides in the cybersecurity industry.
