Read about application security, DevSecOps, open source license compliance and audit
Attacks on software supply chains have greatly accelerated the rate at which organizations are now embracing DevSecOps best practices to secure both legacy monolithic and emerging cloud-native applications. Adopting a DevSecOps approach can help maintain the speed of application development and deployment while ensuring the security and stability of applications. But the range of technologies...
Mend SCA available as an action within new DevOps service, Amazon CodeCatalyst
Learn what shift left testing means, how it can save you time and costs, and why you need to shift left your open source components’ management.
Why is integrating dependency management into cloud services so important, how do you manage dependencies better, and what does Mend do with Amazon Web Services (AWS) to help you achieve this?
Mend’s new integration with Bitbucket Cloud brings smart, automated risk reduction to DevOps teams with ultra-fast rollouts and 100 percent adoption rates.
Learn why teams that pay attention to governance by using a CSIRP are more successful at combating the continued growth of cyberattacks.
Learn all about SAST - what it is, how it works, its strengths and weaknesses, how it can be improved and what to look for in SAST tools.
Discover what a good AppSec program should look like and the best practices to implement it, according to Ori Bach, EVP of Product at Mend, and Harry Mower, Director, AWS CodeSuite.
Discover why your DevOps platform should be complemented with a security solution, learn how to achieve this, and find out how Mend’s partnership with CloudBees delivers security that safeguards your code, software, and applications.
Get to know all about DevSecOps and the main tools and practices that organizations should adopt in order to implement a DevSecOps pipeline.
Learn why automation is a critical element of modern application security programs.
On the PeerSpot technology review site, reviews from Mend SCA users highlighted the three top priorities that SCA users generally want: ease of use, risk mitigation, and a strong feature set and integration capabilities.
What we know about the new OpenSSL critical security vulnerability.
The banking industry lives and dies by being fast, accurate, and completely dependable. It’s critical that you can detect, identify, and remediate software vulnerabilities as fast as possible, to reinforce application security most effectively. This is particularly vital with open source software that is increasingly prevalent in your sector, where its use continues to grow...
For Cybersecurity Awareness Month, we take a closer look at using automation to improve AppSec, as well as how to safeguard the devices you use at home.
There’s a common perception that the security posture of Go could improve. The Mend research team decided to investigate, and uncovered five new vulnerabilities.
To adopt the second principle of modern application security programs, IT teams must move beyond shift left to and learn how to shift smart.
Explaining the first principle of modern application security programs: meticulous prep and planning.
Mend Research uncovered an unusual attack in RubyGems that exploited a previously existing package with a significant number of downloads to launch a typosquatting attack.
In honor of Cybersecurity Awareness Month, Mend Research Team Lead Daniel Elkabes shares a snapshot of how the Mend research team approaches vulnerability research.
For Cybersecurity Awareness Month, Mend’s Chris Lindsey offers advice on how to solve some vexing AppSec challenges.
Discover what Evil-Colon attacks are, the kind of damage they can do, and what measures you can take to protect your code from them.
Learn why building a modern AppSec strategy that can support demanding development cycles while also ensuring application security is increasingly essential.
To mark Cybersecurity Awareness Month, this primer helps simplify the complex subject of application security
We’ve been watching the global transition to an app-driven world for some time now, as companies develop and deploy innovative software at warp speed. And we’ve also watched application security teams struggle to keep up. Many try to use yesterday’s tools for today’s AppSec reality, while others wrestle with immature application security programs. And that’s...
Another week, another supply chain incident. It’s been only nine days since the Mend research team detected the dYdX incident, and today we have detected another supply chain malicious campaign.
With a fresh example from Mend, discover how mentoring partnerships provide benefits that exceed individual growth by fostering a deeper understanding of how other parts of the organization work and how people can work better together.
As a foundational element of the online world, applications are a top target for threat actors. However, traditional application security (AppSec) strategies often prove ineffective. To adapt and defend against our constantly evolving threat landscape, organizations need to build a modern AppSec strategy based on today’s digital world. Join Jeffrey Martin, VP of Outbound Product...
San Francisco-based dYdX, a widely used decentralized crypto exchange with roughly $1 billion in daily trades, has had its NPM account hacked in a software supply chain attack detected by Mend Supply Chain Defender
It’s a common claim from many companies that their people are their most valuable asset. What’s less common, however, is the evidence to back this up. But at Mend, we have matched our commitment to our teams with learning and development opportunities to support the personal and professional growth of our Menders. As the company...
Software and application security and compliance can have an impact on traditional manufacturing businesses, especially those working at scale. Learn why, and how Mend has helped the manufacturer, Kärcher, meet these challenges.
While software composition analysis (SCA) has been around for years, today’s analysts are enhancing their recommendation for enterprise development teams to use the technology. One example: at the recent Gartner Security and Risk Management Summit, Gartner analyst Dale Gardner said: “Managing open-source software is the easiest and most impactful thing you can do to improve...
The White House and the Executive Office of the President of the U.S, have just issued a memorandum of guidelines to enhance the security of the software supply chain through secure software development practices. This follows two new acts from U.S. Congress that strengthen cybersecurity and information security and an executive order on cybersecurity from the office of the U.S. President. Discover what their key points are, why they've been introduced, and how they might shape the future of cybersecurity.
Daniel Elkabes, Mend’s vulnerability research team leader, sets out what he considers to be the four critical areas every cybersecurity leader should be investing in now to help set their team up for success.
In an interview with Michael Vizard from the Techstrong Group, Jeff Martin VP product for Mend, outlines his view on why security must now be an integral part of shipping software, how far security automation can currently go, and the importance of making security a vital part of developers’ education.
“The latest Gartner report recommends that security and risk management leaders adopt a composable view of application security. They should focus on orchestrating multiple application security innovations to serve as a coherent defense, rather than relying on a set of stand-alone products.” Download this report from Gartner to learn: The different application security tools that...