Guides
Protect AI models, data, and systems
Test for behavioral risks in conversational AI
Mitigating risks and future trends
AppSec types, tools, and best practices
Automating dependency updates
Manage open source code
Keep source code safe
Improve transparency, security, and compliance
Pre-production scanning and runtime protection
Secure containerized applications
CVE-2024-50379: A Critical Race Condition in Apache Tomcat
An Apache Tomcat web server vulnerability has been published, exposing the platform to remote code execution through a race condition failure.
Mend.io β Backstage Integration: Bringing Security Insights Where You Need Them
Backstage offers wide views and controls across the development process and with the Mend.io plugin, deep insights into application risks overall or by project.
The @Solana/web3.js Incident: Another Wake-Up Call for Supply Chain Security
This post covers the attack flow, how it happened, and the importance of supply chain security.
Benefits of VEX for SBOMs
SBOMs alone are overwhelming. Learn how VEX adds context, highlighting real threats for efficient risk management.
Mend.io is a Strong Performer in the Forrester Waveβ’ Software Composition Analysis, Q4 2024
See why Mend.io is recognized as a Strong Performer in The Forrester Waveβ’ Software Composition Analysis (SCA) Q4 2024 report.
Infrastructure as Code: How It Works & Top Tools in 2025
Learn about Infrastructure as Code (IaC) best practices, benefits, and tools.
All About RAG: What It Is and How to Keep It Secure
Learn about retrieval-augmented generation, one complex AI system that developers are using.
Vital Signs of Software Dependencies: Understanding Package Health
Learn how package health data empowers developers to update safely and efficiently.
Itβs Cybersecurity Awareness Month-Letβs Talk AppSec
October is Cybersecurity Awareness Month. Learn how to protect your software and reduce risks with AppSec tips.
Cybersecurity Awareness Month: AI Safety for Friends and Family
This blog is for your friends and family working outside of the security and technical industries.
Don’t Treat DAST Like Dessert
DAST is an essential part of a nutritious application security dietβnot just a once-a-quarter treat.
The Power of Platform-Native Consolidation in Application Security
Streamline workflows, consolidate data, boost security posture, and empower developers to focus on innovation.
What is the KEV Catalog?
A quick guide to the Known Exploited Vulnerabilities (KEV) catalog.
What Is Application Security? Types, Tools and Best Practices
Explore our application security complete guide and find key trends, testing methods, best practices, and tools to safeguard your software.
Introducing the Mend AppSec Platform
The Mend AppSec platform offers customers everything needed to build proactive application security through one solution, at one price.
ASPM and Modern Application Security
Gartner's 2024 Hype Cycle for Application Security: ASPM moves from peak to trough.
Never miss a post. Opt-out at any time.
Youβre all set to receive our latest posts.
