
Modern CTO Securing Everything from 40-Year-Old C++ to GenAI Code with Varun Badhwar, CEO of Endor Labs
Oct 13, 2025
Varun Badhwar, CEO of Endor Labs and a software security expert, dives into the pressing challenges of securing both open-source and AI-generated code. He highlights how 90% of code is derived from open-source, creating significant risks, and discusses innovative strategies like using call graphs to enhance security. Varun emphasizes the importance of integrating security in coding workflows and addresses the vulnerabilities caused by AI coding agents. Additionally, he shares insights on automating remediations and the need for robust security oversight to protect against malicious code.
AI Snips
Open Source Drives A Developer Productivity Tax
- Most application code is assembly of open-source libraries, and much of that code is unvetted and risky.
- The resulting developer productivity tax comes from noisy security alerts that waste developer time.
Manifest Scans Miss Real Usage
- Manifest-based scanning assumes every vulnerability in every declared dependency affects your application and floods teams with false positives.
- Tracing actual call graphs to lines of code reveals which vulnerabilities truly impact an application.
Precompute Call Graphs For Fast Scans
- Pre-compute call graphs for open-source packages and stitch them to your first-party code to enable fast analysis.
- Run this analysis during development to catch real issues within minutes, not days.
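The contrast drawn in "Manifest Scans Miss Real Usage" and the precompute-then-stitch workflow in "Precompute Call Graphs For Fast Scans" can be shown end to end in a small reachability analyzer. The code below is an added illustration, not Endor Labs' product or any code from the episode; the two "open-source" packages (`yamlish`, `imgkit`), the first-party `app` module, and the advisory feed are all constructed in-line, and call resolution is deliberately limited to bare same-module calls and `pkg.func` calls through top-level `import pkg` statements.

```python
import ast
from collections import deque

# Constructed sample: two hypothetical open-source packages (not real projects).
PACKAGE_SOURCES = {
    "yamlish": """
def load(text):
    return _parse(text)

def _parse(text):
    return unsafe_eval(text)

def unsafe_eval(text):
    return eval(text)
""",
    "imgkit": """
def resize(img):
    return _scale(img)

def _scale(img):
    return img

def decode_tiff(data):
    return data
""",
}

# Constructed first-party application: it only ever calls load() and resize().
APP_SOURCE = """
import yamlish
import imgkit

def main():
    cfg = yamlish.load("{}")
    return imgkit.resize(cfg)
"""

# Constructed advisory feed: package -> functions an advisory names as vulnerable.
ADVISORIES = {"yamlish": {"unsafe_eval"}, "imgkit": {"decode_tiff"}}


def build_call_graph(module, source):
    """Per-module call graph {caller: {callee}} keyed by 'module.func' names."""
    tree = ast.parse(source)
    imports = {}
    for node in tree.body:
        if isinstance(node, ast.Import):
            for alias in node.names:
                imports[alias.asname or alias.name] = alias.name
    graph = {}
    for fn in tree.body:
        if not isinstance(fn, ast.FunctionDef):
            continue
        callees = set()
        for node in ast.walk(fn):
            if not isinstance(node, ast.Call):
                continue
            f = node.func
            if isinstance(f, ast.Name):                      # bare call: same module
                callees.add(f"{module}.{f.id}")
            elif (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)
                  and f.value.id in imports):                # pkg.func via 'import pkg'
                callees.add(f"{imports[f.value.id]}.{f.attr}")
        graph[f"{module}.{fn.name}"] = callees
    return graph


# Step 1: precompute every package's graph once; in practice this is cached per version.
PACKAGE_GRAPHS = {name: build_call_graph(name, src) for name, src in PACKAGE_SOURCES.items()}


def stitched_graph(app_graph):
    """Step 2: stitch the first-party graph onto the precomputed package graphs."""
    graph = {}
    for pkg_graph in PACKAGE_GRAPHS.values():
        graph.update(pkg_graph)
    graph.update(app_graph)
    return graph


def reachable_from(graph, entry):
    """BFS over the stitched graph; returns every function reachable from entry."""
    seen, queue = {entry}, deque([entry])
    while queue:
        node = queue.popleft()
        for callee in graph.get(node, ()):
            if callee not in seen:
                seen.add(callee)
                queue.append(callee)
    return seen


def manifest_findings(app_source):
    """Manifest-style scan: every imported package with an advisory is flagged."""
    tree = ast.parse(app_source)
    declared = {a.name for n in tree.body if isinstance(n, ast.Import) for a in n.names}
    return {f"{pkg}.{fn}" for pkg in declared for fn in ADVISORIES.get(pkg, ())}


def reachability_findings(app_source, entry="app.main"):
    """Call-graph scan: only advisories whose vulnerable function is actually reachable."""
    reached = reachable_from(stitched_graph(build_call_graph("app", app_source)), entry)
    vulnerable = {f"{pkg}.{fn}" for pkg, fns in ADVISORIES.items() for fn in fns}
    return reached & vulnerable


if __name__ == "__main__":
    print("manifest scan flags:  ", sorted(manifest_findings(APP_SOURCE)))
    print("reachability analysis:", sorted(reachability_findings(APP_SOURCE)))
```

The manifest scan reports both advisories because both packages are declared; the stitched call graph shows that `imgkit.decode_tiff` is never reached from `app.main`, so only `yamlish.unsafe_eval` survives as a finding. Because the package graphs are built once and reused, the per-commit work is only parsing the first-party code and one graph traversal, which is what makes running this inside the development loop practical.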
