Endor Labs

Only one week left until the "𝐖𝐡𝐚𝐭 𝐢𝐬 𝐚𝐧 𝐎𝐒𝐏𝐎?" live webinar! Join us as we cover: ✅ What an Open Source Program Office (OSPO) can include ✅ Who should be part of the OSPO ✅ The value and benefits of an OSPO ✅ Lessons learned from OSPOs Russ Eling, founder of OSS Consultants and creator of one of the first large-scale OSPO programs and Chris H., Chief Security Advisor at Endor Labs & President, Aquia will be diving into these topics during the webinar. Got more questions about #OSPOs? Drop them in the comments below. https://lnkd.in/gB2jsXe6

Your SCA tools should look at both leading and lagging indicators of risk. 𝐖𝐡𝐚𝐭 𝐝𝐨𝐞𝐬 𝐭𝐡𝐢𝐬 𝐦𝐞𝐚𝐧?  Lagging indicators—like known vulns—are risks already present in your environment Leading indicators—like unmaintained packages—are issues that are likely to cause problems in the future 𝐏𝐫𝐨 𝐓𝐢𝐩: Find out what types of risks the SCA tool can detect. Pick an SCA tool that can detect the OWASP OSS Top 10 risks, including unmaintained software, projects with declining activity or quality, outdated software, name confusion attacks, and even the compromise of legitimate packages. Not just known vulnerabilities. Find more questions you can ask your software composition analysis vendor here: https://lnkd.in/gzyD44eA #SCA #OWASP #OSS #AppSec

Join us for a chat tomorrow, Wednesday, July 17, at 9:00 a.m. PT. AppSec / ProdSec teams have more tools and processes to deploy and manage across the SDLC, CI/CD pipelines and pipeline integrations. These are complex and expensive. An emerging solution to this problem is to create independent pipelines for executing security tasks in CI/CD. Learn about common patterns and tradeoffs for security pipelines in this introductory webinar. https://hubs.ly/Q02Gtf640 #AppSec #SecurityPipeline Kayra Otaner Jamie S. Darren Meyer

Will you be at #BlackHat this year? Endor Labs along with Astrix Security is hosting an Exclusive CISO Breakfast on the 7th August 🍳 We'll have great food, even better conversations. Limited spots —DM us for details.

🚨Big news! Endor Labs secures a strategic investment from Citi Ventures! 🚨 Never a dull moment on our forest moon. Financial institutions nowadays outpace some technology companies on innovation, all while being heavily regulated. The need to move fast and stay safe is why BFSI makes up some of Endor Labs' biggest customers! This endorsement makes it even clearer we're headed in the right direction: “Endor Labs represents the next major innovation in application security,” said Matt Carbonara ✅ , Head of Enterprise Tech Investing at Citi Ventures. “Their platform represents a technological step change in how vulnerabilities are analyzed. For a long time now, developers have had to manually analyze vulnerabilities to assess if they are exercised in production. We believe that the reachability analysis provided by Endor Labs will be a must-have technology for enterprises, focusing developers’ efforts on only the most critical and reachable vulnerabilities and saving them countless hours. We’re extremely excited to become investors and partner with Varun Badhwar and team.” https://hubs.ly/Q02Gz4xr0 #CitiVentures #AppSec

Join Kayra Otaner (Director of DevSecOps at Roche) and Jamie S. from Endor Labs to learn how you can and should create an independent pipeline for executing security controls and tools across all your enterprise-wide CI/CD pipelines.

We’re talking about Security Pipelines! Join us for a chat on Wednesday, July 17, at 9:00 a.m. PT. Darren Meyer, Staff Research Engineer at Endor Labs, will be hosting this session featuring Kayra Otaner, Director of DevSecOps at Roche, and Jamie S., Founding Product Manager at Endor Labs. They’ll dive into "What's a Security Pipeline?" AppSec / ProdSec teams have more tools and processes to deploy and manage across ❇️  The SDLC ❇️  CI/CD pipelines ❇️  Pipeline integrations These are complex and expensive. An emerging solution to this problem is to create independent pipelines for executing security tasks in CI/CD. Learn about common patterns and tradeoffs for security pipelines in this introductory webinar. https://lnkd.in/gPrY-Ugs #webinar #appsec #security #cybersecurity #sca

Join us at the Cloud Security Alliance - SF Chapter meet-up on Tuesday, July 23rd at 5:30 PM at the Endor Labs HQ in Downtown Palo Alto! Network over food and drinks while enjoying talks by experts from the SANS Institute and Endor Labs. Dan deBeaubien will discuss Generative AI, Business Risk, and Opportunities, and Jamie S. will talk about- The SCA Balancing Act: Understanding Tradeoffs, What to Do and Avoid. We look forward to seeing you there! Find the RSVP link in the comments below 👇

LeanAppSec just launched a new course on 𝐒𝐁𝐎𝐌𝐬 𝐟𝐨𝐫 𝐀𝐩𝐩𝐒𝐞𝐜 𝐚𝐧𝐝 𝐂𝐨𝐦𝐩𝐥𝐢𝐚𝐧𝐜𝐞! 𝐂𝐡𝐞𝐜𝐤 𝐨𝐮𝐭 𝐭𝐡𝐞 𝐜𝐨𝐮𝐫𝐬𝐞 𝐢𝐟 𝐲𝐨𝐮: 💬 𝐖𝐚𝐧𝐭 𝐭𝐨 𝐫𝐞𝐬𝐩𝐨𝐧𝐝 𝐪𝐮𝐢𝐜𝐤𝐥𝐲 𝐭𝐨 𝐬𝐮𝐩𝐩𝐥𝐲 𝐜𝐡𝐚𝐢𝐧 𝐢𝐧𝐜𝐢𝐝𝐞𝐧𝐭𝐬: Use SBOMs to track where you have affected components 🏛️ 𝐂𝐚𝐫𝐞 𝐚𝐛𝐨𝐮𝐭 𝐜𝐨𝐦𝐩𝐥𝐢𝐚𝐧𝐜𝐞: Learn how you can generate and share SBOMs with auditors/regulators 🔧 𝐖𝐚𝐧𝐭 𝐭𝐨 𝐛𝐮𝐢𝐥𝐝 𝐚 𝐦𝐚𝐭𝐮𝐫𝐞 𝐬𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐩𝐫𝐨𝐠𝐫𝐚𝐦: An SBOM shows your organization has a well-developed security practice. https://lnkd.in/emzU56JU #SBOM #AppSec #Compliance

As my second born is right about to hit two months old, I am reflecting on how thankful I am to have this time with him and my family! I just hit one year at Endor Labs and am so grateful to celebrate this milestone while on maternity leave. Thanks to Endor Labs for the incredible support and generous time off, making it possible to balance a career and motherhood. It’s no wonder we were just named on Inc's Best Workplaces list for 2024! I’m truly proud to be part of such a supportive and amazing team! 🙏🏼🚀🏆 (pic included: family outing to the local zoo 🥰) Check out highlights from the past year in this announcement: https://lnkd.in/gQ6NjbWG #Hiringnow #AppSec #IncBestWorkplaces