Building Security Culture Starts with Building Relationships
Development and security teams should be friends, not adversaries. Learn how to build trust and empathy between your teams.
Choose Your Type
Choose Your Topic
Our Latest Content
What New Security Threats Arise from The Boom in AI and LLMs?
Learn about the big threats that come with AI and LLM technology.
Securing Cloud-Native Applications Across the Software Development Life Cycle
Learn how to apply security and risk reduction techniques at each stage of the SDLC. And, why automating risk reduction is the only way to reduce cloud-native application risk at an enterprise scale.
What Developers Need to Succeed for Effective Application Security
Incorporate security into your development processes. Set your developers up for security success with these tips.
Best Practices of Highly Effective AppSec Programs
Discover what the latest research commissioned by Mend.io says about optimizing application security.
Mend.io Launches Mend Renovate Enterprise Edition
Learn about Mend Renovate Enterprise Edition, which offers automated dependency management and technical debt reduction at scale.
What Mend.io’s AppSec Experts Say About Cybersecurity
Discover issues in the current cybersecurity landscape that have the attention of six of Mend.io’s leading experts.
Add to Your AppSec Arsenal with Mend.io’s Integration with Secure Code Warrior®
Learn about Mend.io’s integration with Secure Code Warrior®, how and why it will strengthen your AppSec.
Let’s Embrace Death in the Software Development Lifecycle
At some point we must say goodbye to our beloved products. Mend.io VP of Product Jeff Martin explains why letting go keeps companies alive.
ESG Report: Optimizing Application Security Effectiveness
In a digital economy, application security is crucial to success. In this new report, TechTarget’s Enterprise Strategy Group identified important best practices for building effective application security programs.
New ESG Research Report Outlines Best Practices for Effective Application Security Programs
Learn what the latest research says about why application security programs struggle and what you can do to strengthen your AppSec.
Why The US Government Continues to Push for Software Supply Chain Security
What goals arose from the OpenSFF summit and what do they tell us about the US government’s stance on software supply chain security?
The Latest Trends in API Security: The 2023 OWASP API Security Top Ten
Discover the main findings in the OWASP 2023 API Security Top Ten and their importance for application security.
Why Dependency Management Reduces Your Enterprise’s Technical Debt
Most code is old code and old code is risky code. Learn why enterprise organizations should use dependency management tools to reduce technical debt over the long term.
Cybersecurity Awareness Month 2023: Five Reasons You Need Automatic Software Updates for Your Application Security.
To mark Cybersecurity Awareness Month 2023, discover five key reasons why automated software updates are so vital for your application security.
Holistic AppSec and Software Supply Chain Security
Learn practical steps to building a sustainable application and software supply chain security strategy that meets today’s business demands and those that may arise in the future.
Vulnerability Assessment: A Guide
Performing a vulnerability assessment is the first step towards securing your organization. We breakdown what you need to know and where to start.
What Role Should Dependency Management Play as the Regulation of the Software Supply Chain Escalates?
Discover why and how dependency management has become more significant as regulation and governance of the software supply chain escalates.
Adversaries Are Using Automation. Software Vendors Must Catch Up
Attackers are using automation to escalate their attacks. Here’s why and how you can use automation to defend your apps, software and codebase.
Communicating the Value of Your Company With SBOMs
An SBOM is more than just a box to tick, it’s an opportunity to build trust with your customers. Here’s why and how to do that.
Software Supply Chain Security: The Basics and Four Critical Best Practices
Learn about supply chain security, supply chain attacks, and how to protect your organization against this severe threat.
How Software Supply Chain Security Regulation Will Develop, and What Will It Look Like?
Discover how software supply chain security regulations could develop and evolve, and what the outcome could be.
Why Legal Regulation Shifts Responsibility for Software Supply Chain Security to Vendors
The recent publication of cybersecurity strategies by governments of leading economies could create significant change in software supply chain security by shifting responsibility towards vendors and imposing best practices. This blog looks at why this is happening, what the changes might be, and what challenges they could pose.
Are You Protected from the 12 Most Exploited Vulnerabilities?
Discover the 12 most exploited vulnerabilities that threaten organizations’ software and what dependency management strategies and tools will protect you from them.
The State of Supply Chain Threats
Download this report to learn what organizations are doing to mitigate software supply chain risk.
Tips and Tools for Open Source Compliance
Learn more about keeping track of open source licenses and the tools that can help.
Eight Considerations for Thwarting Malicious Packages
Discover eight key considerations to help you thwart the escalating threat of malicious packages and secure your software and applications.
Building a Preventive Strategy for Open-Source Software Security
Preventive application security doesn’t have to slow development or divert limited resources away from pressing business requirements. Instead, it can reduce an organization’s attack surface, minimize future security issues, and help keep businesses on track. Learn more in this white paper.
Handling Open Source Context Licensing: Wrong Answers Only
Learn more about the need to identify open-source code and the license types being used. And, why you need to identify not just direct dependencies but also transitive dependencies.
Special Report: Malicious Packages
Learn more about the growing threat of malicious packages in this webinar with Jeanette Sherman, Sr. Product Marketing Manager - Mend.io.
What You Can Do to Stop Software Supply Chain Attacks
Discover the best practices you can employ to strengthen your software supply chain security.
Five Key Application Security Best Practices and Benefits for Maintaining Up-to-Date Dependencies
Learn the risks involved in using outdated dependencies, as well as the benefits and best practices involved in updating them.
How Software Supply Chain Attacks Work, and How to Assess Your Software Supply Chain Security
Discover how software supply chain attacks work, their typical characteristics, and how you can assess the security of your software supply chain.
Seven DevSecOps Best Practices: Challenges and How to Address Them
Discover seven key considerations for a successful and secure DevSecOps methodology to secure your software supply chain.
There’s a New Stealer Variant in Town, and It’s Using Electron to Stay Fully Undetected
See the attack flow of this new info-stealer Mend.io detected and how it can stay undetected by abusing trusted development tools like Electron.
A New Version of Mend for Containers is Here
Mend for Containers allows you to scan container images and registries at scale, provides runtime vulnerability prioritization for Kubernetes clusters, and protects cloud-native applications from vulnerabilities and license risks throughout the SDLC.