Mend.io Blog

Learn why vulnerability management must go beyond CVSS to priority scoring for better open source security and remediation prioritization.

Discover how AWS was targeted by a malicious package backfill attack, the methods used by attackers, and how to protect against such attacks.

Discover the top 5 vulnerability assessment scanning tools and learn how to prioritize and remediate vulnerabilities to secure your org.

Learn best practices for immediate remediation of the Spring4Shell vulnerability, including detection, and prioritization.

Learn about the Spring4Shell vulnerability (CVE-2022-22965), its potential impact, and how to prepare your Java applications.

Learn why automated software supply chain attacks are a growing threat. Discover how to protecting your org from malicious NPM packages.

Learn about the Spring4Shell Zero-Day Vulnerability CVE-2022-22965 with information, updates, mitigation guidance, and more.

Learn how to set benchmarks for false positives in SAST tools to enhance application security and improve developer efficiency.

Address SAST false positives in your application security testing. Explore causes, preventive measures, and the benefits of using Mend SAST.

Understand the types of Ruby supply chain attacks. Learn the best practices for preventing supply chain security risks in your Ruby projects.

Learn how to implement software supply chain risk management to safeguard your critical assets. Discover best practices, & more.

Discover the 7 key differences between SAST and SCA tools in application security. Learn how they integrate into the SDLC process.

Learn about our innovative approach to detecting and remediating custom code vulnerabilities for a more secure future.

Learn about the five critical facts about npm package security, including how attackers exploit trust, default behaviors, and dependency hell.

Discover how a malicious package found stealing AWS AIM data on npm has similarities to the Capital One hack. Learn about the threat.

CVE-2021-44142 allows bad actors to execute arbitrary code as root on Samba. Learn about the vulnerability, exploit, and how to fix it.