Securing Everything from 40-Year-Old C++ to GenAI Code with Varun Badhwar, CEO of Endor Labs

In this episode of Modern CTO, Joel Beasley interviews Varun Badhwar, CEO of Endor Labs, about solving the developer productivity tax by enhancing code security. Varun discusses the origins of Endor Labs, stemming from the SolarWinds incident and the realization that most code is assembled from open-source libraries with unvetted code. He explains how Endor Labs differs from traditional code scanning tools by focusing on identifying and addressing vulnerabilities in actively used code, providing solutions, and integrating seamlessly into developer workflows. The conversation also covers the increasing threat of malicious code in open-source ecosystems and the role of AI coding agents in generating insecure code, highlighting Endor Labs' approach to providing real-time feedback and secure-by-default strategies. Varun shares leadership insights on building a transparent culture and avoiding the pitfalls of homogenous hiring practices, as well as balancing startup life with family.

Outlines

Part 1: Introduction to Endor Labs

Part 2: Vulnerability Remediation and ROI

Part 3: AI and Code Security

Part 4: Leadership and Culture

Sign in to continue reading, translating and more.

Continue

Modern CTO

Part 1: Introduction to Endor Labs

Introduction to Endor Labs and the Developer Productivity Tax

Endor Labs' Approach to Solving Security Vulnerabilities

Vulnerability Data and Malicious Code in Open Source

Part 2: Vulnerability Remediation and ROI

Automating Vulnerability Remediation

The Developer Productivity Tax and ROI

Part 3: AI and Code Security

Endor Labs' Call to Action and AI Coding Agents

Securing AI-Generated Code

Integration and Support for Diverse Codebases

Addressing Security Debt and Developer Frustration

Aligning Security and Development OKRs

AI, Legacy Code, and Paved Roads

Vibe Coders, Citizen Developers, and the Need for Guardrails

Part 4: Leadership and Culture

Leadership Advice: Transparency and Culture

Leadership Mistakes: Avoiding Groupthink

Balancing Startup Life and Personal Relationships

Securing Everything from 40-Year-Old C++ to GenAI Code with Varun Badhwar, CEO of Endor Labs

Modern CTO

Part 1: Introduction to Endor Labs

00:00Introduction to Endor Labs and the Developer Productivity Tax

Introduction to Endor Labs and the Developer Productivity Tax

02:38Endor Labs' Approach to Solving Security Vulnerabilities

Endor Labs' Approach to Solving Security Vulnerabilities

07:05Vulnerability Data and Malicious Code in Open Source

Vulnerability Data and Malicious Code in Open Source

Part 2: Vulnerability Remediation and ROI

11:33Automating Vulnerability Remediation

Automating Vulnerability Remediation

14:23The Developer Productivity Tax and ROI

The Developer Productivity Tax and ROI

Part 3: AI and Code Security

17:03Endor Labs' Call to Action and AI Coding Agents

Endor Labs' Call to Action and AI Coding Agents

20:30Securing AI-Generated Code

Securing AI-Generated Code

23:22Integration and Support for Diverse Codebases

Integration and Support for Diverse Codebases

26:36Addressing Security Debt and Developer Frustration

Addressing Security Debt and Developer Frustration

29:04Aligning Security and Development OKRs

Aligning Security and Development OKRs

32:05AI, Legacy Code, and Paved Roads

AI, Legacy Code, and Paved Roads

36:35Vibe Coders, Citizen Developers, and the Need for Guardrails

Vibe Coders, Citizen Developers, and the Need for Guardrails

Part 4: Leadership and Culture

40:02Leadership Advice: Transparency and Culture

Leadership Advice: Transparency and Culture

43:23Leadership Mistakes: Avoiding Groupthink

Leadership Mistakes: Avoiding Groupthink

45:54Balancing Startup Life and Personal Relationships

Balancing Startup Life and Personal Relationships