
An increasing percentage of the code that companies use to develop software is open source. In a 2018 survey by Tidelift, a software supply chain management platform, 92% of professional software developers said that their apps contained open source libraries. While that's a positive trend - open source confers a wealth of benefits, not least of which transparency - it can have its drawbacks, like low visibility into whether the code might contain vulnerabilities.

A number of vendors are tackling the issue of open source security, offering tools that scan the metadata and descriptors of packages to find known exploits. But Varun Badhwar argues that they don't go far enough.

He's the co-founder of Endor Labs, a startup that has just over 30 employees and uses graph analysis tech to learn how dependencies are being used within an organization and create indicators of risk. In a show of investor interest, Endor - which launched out of stealth today with a private beta - has attracted $25 million to date from Lightspeed Venture Partners, Dell Technologies Capital, Sierra Ventures and angel investors, including Palo Alto Networks CEO Nikesh Arora. Badhwar tells TechCrunch that the previously undisclosed funding is being used to support growth while continuing to expand Endor's R&D.

"If risks to the software supply chain aren't a boardroom priority yet, they soon will be," Badhwar told TechCrunch in an email interview. "Open source software offers a rich resource for development velocity, but massive dependency sprawl hinders development and increases the attack surface."

The numbers are truly staggering: A typical large enterprise - such as with 10,000-plus employees - has more than two million total dependencies. As a result, developers struggle to maintain, troubleshoot and update dependencies and lose many hours dealing with alert fatigue from the firehose of false positives. Meanwhile, security teams lack true visibility.
