New open-source project takeover attacks spotted, stymied

The OpenJS Foundation has headed off a “credible takeover attempt” similar to the one that resulted in a backdoor getting included in the open-source XZ Utils package by someone who called themselves “Jia Tan”. This malicious ma…

Integrating software supply chain security in DevSecOps CI/CD pipelines

NIST released its final guidelines for integrating software supply chain security in DevSecOps CI/CD pipelines (SP 800-204D). In this Help Net Security video, Henrik Plate, Security Researcher at Endor Labs, talks about this report, which provides acti…

Be prepared to patch high-severity vulnerability in curl and libcurl

Details about two vulnerabilities (CVE-2023-38545, CVE-2023-38546) in curl, a foundational and widely used open-source tool for data transfer via URLs, are to be released on Wednesday, October 11. Daniel Stenberg, the original author and lead devel…

Endor Labs raises $70 million to expand into other areas of code and pipeline security

Endor Labs raises $70 million in oversubscribed Series A financing from Lightspeed Venture Partners (LSVP), Coatue, Dell Technologies Capital, Section 32, and over 30 industry-leading CEOs, CISOs, and CTOs. Arif Janmohamed of Lightspeed, Sri Viswanath …

Software Supply Chain Startup Endor Labs Scores Massive $70M Series A Round

Endor Labs has closed a massive $70 million Series A round of financing to fuel ambitious plans to build a dependency lifecycle management platform.

LLMs and AI positioned to dominate the AppSec world

As modern software trends toward distributed architectures, microservices, and extensive use of third-party and open source components, dependency management only gets harder, according to Endor Labs. Application development risks A new research report…

Malicious open-source components threatening digital infrastructure

A new risk emerges in the digital era, where open-source software has become a fundamental pillar in developing innovative applications. The threat? Malicious open-source components. In this Help Net Security video, Henrik Plate, Lead Security Research…

Research reveals where 95% of open source vulnerabilities lie

New research from Endor Labs offers a view into the rampant but often unmonitored use of existing open-source software in application development and the dangers arising from this common practice. Open source vulnerabilities As just one example, the re…

Endor Labs emerges from stealth with $25 million to protect software supply chains

Endor Labs officially came out of stealth, launching the company with a Dependency Lifecycle Management Platform that helps development and security teams maximize software reuse by safely evaluating, maintaining, and updating dependencies. The average…