Welcome To Mend Resource Center

Read about application security, DevSecOps, open source license compliance and audit

Our Latest Content

DevSecOps Roundtable Discussion

Attacks on software supply chains have greatly accelerated the rate at which organizations are now embracing DevSecOps best practices to secure both legacy monolithic and emerging cloud-native applications. Adopting a DevSecOps approach can help maintain the speed of application development and deployment while ensuring the security and stability of applications. But the range of technologies...

Software Security Challenges & Opportunities in Banking

The banking industry lives and dies by being fast, accurate, and completely dependable. It’s critical that you can detect, identify, and remediate software vulnerabilities as fast as possible, to reinforce application security most effectively. This is particularly vital with open source software that is increasingly prevalent in your sector, where its use continues to grow...

A Rash of Recent CVEs in Go

There’s a common perception that the security posture of Go could improve. The Mend research team decided to investigate, and uncovered five new vulnerabilities.

Are You CODEfident?

We’ve been watching the global transition to an app-driven world for some time now, as companies develop and deploy innovative software at warp speed. And we’ve also watched application security teams struggle to keep up. Many try to use yesterday’s tools for today’s AppSec reality, while others wrestle with immature application security programs. And that’s...

Building a Modern Application Security Strategy for an App-Run World

As a foundational element of the online world, applications are a top target for threat actors. However, traditional application security (AppSec) strategies often prove ineffective. To adapt and defend against our constantly evolving threat landscape, organizations need to build a modern AppSec strategy based on today’s digital world. Join Jeffrey Martin, VP of Outbound Product...

Growth Through Mentorship at Mend

It’s a common claim from many companies that their people are their most valuable asset. What’s less common, however, is the evidence to back this up. But at Mend, we have matched our commitment to our teams with learning and development opportunities to support the personal and professional growth of our Menders. As the company...

Why Software Composition Analysis is “Transformational” Technology

While software composition analysis (SCA) has been around for years, today’s analysts are enhancing their recommendation for enterprise development teams to use the technology. One example: at the recent Gartner Security and Risk Management Summit, Gartner analyst Dale Gardner said: “Managing open-source software is the easiest and most impactful thing you can do to improve...

White House Issues New Guidelines on Software Supply Chain Security – What Are the Challenges and Possible Outcomes?

The White House and the Executive Office of the President of the U.S. have just issued a memorandum of guidelines to enhance the security of the software supply chain through secure software development practices. This follows two new acts from the U.S. Congress that strengthen cybersecurity and information security and an executive order on cybersecurity from the office of the U.S. President. Discover what their key points are, why they've been introduced, and how they might shape the future of cybersecurity.

Application Security Debt – Warnings and Solutions

In an interview with Michael Vizard from the Techstrong Group, Jeff Martin, VP product for Mend, outlines his view on why security must now be an integral part of shipping software, how far security automation can currently go, and the importance of making security a vital part of developers’ education.

Gartner® Report – Hype Cycle™ for Application Security, 2022

“The latest Gartner report recommends that security and risk management leaders adopt a composable view of application security. They should focus on orchestrating multiple application security innovations to serve as a coherent defense, rather than relying on a set of stand-alone products.” Download this report from Gartner to learn: The different application security tools that...