Endor Labs

Development vs. security: The friction threatening your code
Developers are driven to deliver new features quickly, while security teams prioritize risk mitigation, which often puts the two at odds. 61% of developers said that it’s …

What open source means for cybersecurity
With outdated and inadequately maintained components, along with insecure dependencies, the open-source ecosystem presents numerous risks that could expose organizations to …

Tackling software vulnerabilities with smarter developer strategies
In this Help Net Security interview, Karl Mattson, CISO at Endor Labs, discusses strategies for enhancing secure software development. Mattson covers how developers can …

Detecting vulnerable code in software dependencies is more complex than it seems
In this Help Net Security interview, Henrik Plate, CISSP, security researcher, Endor Labs, discusses the complexities AppSec teams face in identifying vulnerabilities within …

Trends and dangers in open-source software dependencies
A C-suite perspective on potential vulnerabilities within open-source dependencies or software packages reveals that, while remediation costs for dependency risks are …

Infosec products of the month: August 2024
Here’s a look at the most interesting products from the past month, featuring releases from: Adaptive Shield, AppOmni, ArmorCode, Bitwarden, Cequence Security, ClearSale, …

New infosec products of the week: August 9, 2024
Here’s a look at the most interesting products from the past week, featuring releases from: Rapid7, AppOmni, Contrast Security, Elastic, Cequence Security, Veza, ArmorCode, …

Endor Labs launches Upgrade Impact Analysis and Magic Patches for SCA market
Endor Labs unveiled two capabilities, Upgrade Impact Analysis and Endor Magic Patches, that fix an expensive and time-consuming problem in the Software Composition Analysis …

Shadow engineering exposed: Addressing the risks of unauthorized engineering practices
Shadow engineering is present in many organizations, and it can lead to security, compliance, and risk challenges. In this Help Net Security video, Darren Meyer, Staff …

New open-source project takeover attacks spotted, stymied
The OpenJS Foundation has headed off a “credible takeover attempt” similar to the one that resulted in a backdoor getting included in the open-source XZ Utils …

Integrating software supply chain security in DevSecOps CI/CD pipelines
NIST released its final guidelines for integrating software supply chain security in DevSecOps CI/CD pipelines (SP 800-204D). In this Help Net Security video, Henrik Plate, …

Be prepared to patch high-severity vulnerability in curl and libcurl
UPDATE (October 11, 2023, 07:15 a.m. ET): Curl v8.4.0 is out and fixes both CVE-2023-38545, a SOCKS5 heap buffer overflow vulnerability and CVE-2023-38546, a cookie injection …
Featured news
Resources
Don't miss
- Meta open-sources AI tool to automatically classify sensitive documents
- Why SAP security updates are a struggle for large enterprises
- Attackers fake IT support calls to steal Salesforce data
- Google fixes Chrome zero-day with in-the-wild exploit (CVE-2025-5419)
- How to manage your cyber risk in a modern attack surface