Varun Badhwar

Varun Badhwar, a luminary in the cyber security industry, joins Chris and Robert to discuss scanning with context, SBOM plus VEX, and the developer productivity tax. The integration of SBOM plus VEX aims to streamline the vulnerability management process, ensuring that only relevant and critical threats are addressed. They also emphasize the importance of 'Scanning with Context' to avoid false positives and irrelevant findings.

Varun Badhwar, co-founder and CEO of Endor Labs, and Henrik Plate, Principal Security Researcher at Endor Labs, dive into the complexities of AI-assisted software development. They discuss the rapid adoption of MCPs and the emerging security risks, including malicious packages that exploit agents. The conversation highlights the shortcomings of traditional AppSec and argues for embedding security in IDEs. With insights from their 2025 State of Dependency Management report, they stress the importance of integrating security from the start to combat rising vulnerabilities.

Varun Badhwar, CEO of Endor Labs and a software security expert, dives into the pressing challenges of securing both open-source and AI-generated code. He highlights how 90% of code is derived from open-source, creating significant risks, and discusses innovative strategies like using call graphs to enhance security. Varun emphasizes the importance of integrating security in coding workflows and addresses the vulnerabilities caused by AI coding agents. Additionally, he shares insights on automating remediations and the need for robust security oversight to protect against malicious code.