Adversaries Are Using Automation. Software Vendors Must Catch Up
Attackers are using automation to escalate their attacks. Here’s why and how you can use automation to defend your apps, software and codebase.
Choose Your Type
Choose Your Topic
Our Latest Content
Communicating the Value of Your Company With SBOMs
An SBOM is more than just a box to tick, it’s an opportunity to build trust with your customers. Here’s why and how to do that.
Software Supply Chain Security: The Basics and Four Critical Best Practices
Learn about supply chain security, supply chain attacks, and how to protect your organization against this severe threat.
How Software Supply Chain Security Regulation Will Develop, and What Will It Look Like?
Discover how software supply chain security regulations could develop and evolve, and what the outcome could be.
Why Legal Regulation Shifts Responsibility for Software Supply Chain Security to Vendors
The recent publication of cybersecurity strategies by governments of leading economies could create significant change in software supply chain security by shifting responsibility towards vendors and imposing best practices. This blog looks at why this is happening, what the changes might be, and what challenges they could pose.
Are You Protected from the 12 Most Exploited Vulnerabilities?
Discover the 12 most exploited vulnerabilities that threaten organizations’ software and what dependency management strategies and tools will protect you from them.
Tips and Tools for Open Source Compliance
Learn more about keeping track of open source licenses and the tools that can help.
Eight Considerations for Thwarting Malicious Packages
Discover eight key considerations to help you thwart the escalating threat of malicious packages and secure your software and applications.
Building a Preventive Strategy for Open-Source Software Security
Preventive application security doesn’t have to slow development or divert limited resources away from pressing business requirements. Instead, it can reduce an organization’s attack surface, minimize future security issues, and help keep businesses on track. Learn more in this white paper.
Handling Open Source Context Licensing: Wrong Answers Only
Learn more about the need to identify open-source code and the license types being used. And, why you need to identify not just direct dependencies but also transitive dependencies.
Special Report: Malicious Packages
Malicious packages are a growing threat, and they may already have infiltrated your applications. Like any malware, malicious packages can inflict significant damage. Learn more in this webinar with Jeanette Sherman, Sr. Product Marketing Manager – Mend.io.
What You Can Do to Stop Software Supply Chain Attacks
Discover the best practices you can employ to strengthen your software supply chain security.
Five Key Application Security Best Practices and Benefits for Maintaining Up-to-Date Dependencies
Learn the risks involved in using outdated dependencies, as well as the benefits and best practices involved in updating them.
How Software Supply Chain Attacks Work, and How to Assess Your Software Supply Chain Security
Discover how software supply chain attacks work, their typical characteristics, and how you can assess the security of your software supply chain.
Seven DevSecOps Best Practices: Challenges and How to Address Them
Discover seven key considerations for a successful and secure DevSecOps methodology to secure your software supply chain.
There’s a New Stealer Variant in Town, and It’s Using Electron to Stay Fully Undetected
See the attack flow of this new info-stealer Mend.io detected and how it can stay undetected by abusing trusted development tools like Electron.
A New Version of Mend for Containers is Here
Mend for Containers allows you to scan container images and registries at scale, provides runtime vulnerability prioritization for Kubernetes clusters, and protects cloud-native applications from vulnerabilities and license risks throughout the SDLC.
Top Ten Tips to Choose a Great SAST Tool
Discover the top ten tips you should consider when choosing a SAST tool that’s right for you and your organization.
Operationalizing DevSecOps
DevSecOps best practices are increasingly being adopted to better secure software supply chains. The challenge, though, is finding ways to operationalize these processes so they’re seamless and development and deployment don’t slow down. Join Shiri Arad Ivtsan, Senior Director of Product Management – Mend.io, in this editorial roundtable as these experts explore the challenges DevOps...
What Risks Do You Run from Brandjacking, and How Do You Overcome Them?
What is brandjacking, why is it such a threat, and what role do AppSec security practices play in thwarting it?
What Cybersecurity Risks Does Typosquatting Pose, and How Can You Beat Them?
Find out what typosquatting is, why it is such a threat, and what you can do to stop it.
SBOMs: A Roadmap for a Secure Software Journey
Software supply chain threats and increasing regulatory pressures make supply chain security a top priority for software organizations. Software bills of materials (SBOMs) have emerged as an essential tool and a roadmap for organizations on their secure software journey. Join Jeff Martin, Vice President of Product Management – Mend.io in this panel of software security...
Product Demo Overview
See the Mend.io platform in action in a brief video overview.
Mend.io – Autopilot for AppSec
Explore Autopilot for AppSec. Mend.io seamlessly automates processes, integrating where devs already work while empowering security to ship without worry.
The New Era of AI-Powered Application Security. Part Three: How Can Application Security Cope With The Challenges Posed by AI?
Discover what approaches to consider when addressing AI’s application security risks.
Strange Bedfellows: Software, Security and the Law
An unlikely alliance is being forged between CISOs, software leaders and legal experts due to the ongoing rise in cyberattacks across the software supply chain and a shifting regulatory landscape. Join Sam Quackenbush, Sr. Director of Field Innovation & Strategy – Mend.io for this live panel roundtable to discuss some of the top cyberlaw and...
Two Birds, One Stone: Shrinking Security Debt and Attack Surfaces
Cybersecurity teams and developers continually struggle to reconcile what can seem like two competing priorities: Delivering new capabilities and addressing existing security technical debt. Forward-leaning AppSec programs are finding smart ways to reduce security debt by instituting a strategic approach to managing security vulnerabilities. This approach starts by reducing the attack surface early on and...
Why is Software Vulnerability Patching Crucial for Your Software and Application Security?
Find out what software vulnerability patching is and why it's important for software and application security.
Malicious Package Trend Analysis
Malicious package publication increased by 315 percent in 2022. This significant spike is further evidence of the growing security threat malicious packages pose to open-source. Join Rhys Arkins, Vice President of Product Management – Mend.io in this panel of application and software security experts as they discuss strategies for addressing the malicious packages threat vector.
The New Era of AI-Powered Application Security. Part Two: AI Security Vulnerability and Risk
Discover what vulnerabilities AI can cause and the application security risks it poses.
Software Supply Chain Compliance: Ensuring Security and Trust in Your Software and Applications
Find out the key facts about software supply chain compliance, why it’s important and how best to implement it.
The New Era of AI-Powered Application Security. Part One: AI-Powered Application Security: Evolution or Revolution?
Find out why AI challenges traditional approaches to application security.
What You Don’t Know Can Hurt You: Open Source License Compliance and M&A Activity
Spoiler alert: In 2022, audits found open source in 100% of our customer engagements. Open source security and license compliance are primary concerns of acquirers and targets involved in tech merger and acquisition (M&A) transactions. Along with the intellectual property in their targets’ codebases, identifying open source in the target’s code base is essential to...
Malicious Packages: A Growing Threat to the Software Supply Chain
In addition to the growing number of vulnerabilities, today’s security teams face the emerging challenge of malicious packages. Learn how to secure your applications with this White Paper.
How Does SLSA Help Strengthen Software Supply Chain Security?
Find out what SLSA is and how it contributes to software supply chain security.
Why You Should Avoid Copy and Paste Code
Copy and pasting code from open source projects is never a good idea from a licensing, bug fix and vulnerability perspective. Read to avoid the risks.