Guides
Protect AI models, data, and systems
Test for behavioral risks in conversational AI
Mitigating risks and future trends
AppSec types, tools, and best practices
Automating dependency updates
Manage open source code
Keep source code safe
Improve transparency, security, and compliance
Pre-production scanning and runtime protection
Secure containerized applications
NVD’s Backlog Triggers Public Response from Cybersec Leaders
The National Vulnerability Database's backlog triggers a public response from cybersecurity leaders. Concerns raised, open letter to Congress
What You Need to Know About Hugging Face
Stay informed about the risks and challenges of AI models with Hugging Face. Learn how to identify and secure AI-generated code.
Critical Backdoor Found in XZ Utils (CVE-2024-3094) Enables SSH Compromise 1
Discover how CVE-2024-3094 affects XZ Utils and enables SSH compromise. Get insights on detection, mitigation, and system security.
Learning From History: AI Gender Bias
Learn about AI gender bias in large language models, how historical data impacts AI, & implications for women in health & car safety fields.
Container Security: Creating an Effective Security Program with Reachability Analysis
Learn how to create an effective container security program with reachability analysis to protect your applications from vulnerabilities.
Mend.io Launches Mend Container
Mend.io launches Mend Container to address security in cloud-native development, offering reachability analysis and secrets detection.
Breaking: What is Going on with the NVD? Does it Affect Me?
Learn about the current issues with the National Vulnerability Database, how it affects vulnerability reporting, and how Mend SCA can help.
What is the difference between an SCA scan and a container scan?
Learn about the difference between SCA scans and container scans, why scanning containers for vulnerabilities is important.
How is a Container Scan Done?
Learn the importance of scanning container images for vulnerabilities to keep your containerized environments safe.
Secrets Management vs Secrets Detection: Here’s What You Need to Know
Learn about the importance of secrets management vs secrets detection in application security. Protect your sensitive data.
CVSS 4.0 is Here: How to Make the Most of It
Learn about the latest version of CVSS 4.0. Understand the new metrics and how to use them in your org's vulnerability remediation strategy.
Quality vs. Quantity: How to Get the Most Out of SAST
Learn how to make the most out of Static Application Security Testing (SAST) without overwhelming developers.
What Existing Security Threats Do AI and LLMs Amplify? What Can We Do About Them?
Learn about the existing security threats that AI and LLMs amplify and how to protect against them.
Mend’s Handy Guide to Using EPSS Scores
Discover Mend's Handy Guide to Using EPSS Scores. Learn how EPSS can predict exploits and prioritize vulnerability remediation effectively.
Six More Top Tips For Holistic AppSec and Software Supply Chain Security
Learn how to strengthen your security posture with holistic approaches to application security and software supply chain security.
Six Top Tips For Holistic AppSec and Software Supply Chain Security
Discover six top tips for holistic application security and software supply chain security for long-term success.
