Mend.io Blog

Impact Analysis of RubyGems Critical CVE-2022-29176 Unauthorized Package Takeover. Learn about the vulnerability, impact assessment, and more

Discover the NIST Supply Chain Risk Management Program.. Learn how to manage cybersecurity risks in digital supply chains effectively.

Learn why vulnerability management must go beyond CVSS to priority scoring for better open source security and remediation prioritization.

Discover how AWS was targeted by a malicious package backfill attack, the methods used by attackers, and how to protect against such attacks.

Discover the top 5 vulnerability assessment scanning tools and learn how to prioritize and remediate vulnerabilities to secure your org.

Learn best practices for immediate remediation of the Spring4Shell vulnerability, including detection, and prioritization.

Learn about the Spring4Shell vulnerability (CVE-2022-22965), its potential impact, and how to prepare your Java applications.

Learn why automated software supply chain attacks are a growing threat. Discover how to protecting your org from malicious NPM packages.

Learn about the Spring4Shell Zero-Day Vulnerability CVE-2022-22965 with information, updates, mitigation guidance, and more.

Learn how to set benchmarks for false positives in SAST tools to enhance application security and improve developer efficiency.

Address SAST false positives in your application security testing.

Understand the types of Ruby supply chain attacks. Learn the best practices for preventing supply chain security risks in your Ruby projects.

Learn how to implement software supply chain risk management to safeguard your critical assets. Discover best practices, & more.

Discover the 7 key differences between SAST and SCA tools in application security.

Learn about our innovative approach to detecting and remediating custom code vulnerabilities for a more secure future.

Learn about the five critical facts about npm package security, including how attackers exploit trust, default behaviors, and dependency hell.