NVD Update: More Problems, More Letters, Some Questions Answered
We're not saying the NVD is dead but it's not looking good.
Read about application security, DevSecOps, license compliance, and software supply chain security.
Learn how to navigate Large Language Model (LLM) risks and ensure the responsible development and deployment of these powerful models.
Discover the benefits of keeping your software dependencies up-to-date. Learn how to manage dependencies effectively.
In this new report, get step-by-step instructions to take down five common supply chain threats. Moreover, we simulated two attack scenarios to show real-life examples of our hunting methodology in action.
Learn how Mend.io and Sysdig together cover your cloud native applications throughout the software life cycle.
This webinar shares tactics for effectively hunting five high-profile supply chain threats, as well as analyzing real-life examples of our hunting methodology in action.
AI models are valuable assets. How do you keep them safe?
There's more to open source risk than CVEs!
Learn how to shift to a mature and proactive application security program that provides visibility and control.
Read this quick guide to the types of vulnerabilities that affect containers.
Improve your code while reducing security risks with automated dependency updates.
This webinar will equip you with the knowledge and strategies to confidently leverage LLMs in your applications.
The National Vulnerability Database (NVD) has been experiencing a mounting backlog in enriching CVEs. Learn more about what's happening.
An overview of the top vulnerabilities affecting large language model (LLM) applications.
For most companies, the foundations of AI problems are the same as open source problems. From there it gets a little weird.
A critical vulnerability (CVE-2024-3094) was discovered in the XZ Utils library on March 29th.
In this session, our experts will delve into the intricacies of building a robust application security program.
The Mend.io research team detected more than 100 malicious packages targeting the most popular machine learning (ML) libraries from the PyPI registry.
Open source components play a huge part in the products, software, and applications that organizations create, by providing the core code for their output. It’s a trend that continues to...
A not so model citizen: how AI trained on bad data leads to discrimination against women.
Patch the right apps first. Learn how EPSS scores help prioritize critical vulnerabilities & go beyond CVSS.
Stop reacting and start preventing with SAST & secure code training. Prioritize risks and empower developers to write secure code.
Read our guide on creating an effective container security program with reachability analysis.
Mend Container finds runtime threats and secrets, scans Kubernetes clusters for in-use containers, and provides full coverage from development to deployment.
Join us for an in-depth discussion of what it takes to stop playing defense when it comes to application security.
The NVD has a large backlog of unanalyzed vulnerabilities. See if you're impacted.
Announcing the launch of our new tool, Mend AI to identify, track, and secure AI and AI-generated code.
Can you scan your containers with any old SCA and still get good results?
Join experts from AWS and Mend.io discussing strategies for optimizing container security in the AWS cloud.
Find ways to reduce security debt and overall risk without negatively impacting either the development process or software functionality. Learn more in this white paper.
Using SBOMs to create software inventories to meet compliance or industry requirements is a great start. However, the possibilities beyond compliance are even more compelling. Ultimately, the real value lies in evolving SBOMs from informational resources to actionable business tools. Learn more in this white paper.
Learn the importance of scanning container images for vulnerabilities to keep your containerized environments safe.
Learn about secrets detection and management – very important but often overlooked parts of application security.
Learn about the Common Vulnerability Scoring System 4.0 update as well as new metrics.
Drowning in SAST alerts or afraid to even add SAST to your AppSec arsenal? Let's talk about how to use SAST effectively.
Watch this webinar to learn how automating your dependency updates improves developer efficiency and reduces technical debt.