Holistic AppSec and Software Supply Chain Security
Learn practical steps to building a sustainable application and software supply chain security strategy that meets today’s business demands and those that may arise in the future.
Choose Your Type
Choose Your Topic
Our Latest Content
Vulnerability Assessment: A Guide
Performing a vulnerability assessment is the first step towards securing your organization. We breakdown what you need to know and where to start.
Adversaries Are Using Automation. Software Vendors Must Catch Up
Attackers are using automation to escalate their attacks. Here’s why and how you can use automation to defend your apps, software and codebase.
Communicating the Value of Your Company With SBOMs
An SBOM is more than just a box to tick, it’s an opportunity to build trust with your customers. Here’s why and how to do that.
Software Supply Chain Security: The Basics and Four Critical Best Practices
Learn about supply chain security, supply chain attacks, and how to protect your organization against this severe threat.
How Software Supply Chain Security Regulation Will Develop, and What Will It Look Like?
Discover how software supply chain security regulations could develop and evolve, and what the outcome could be.
Why Legal Regulation Shifts Responsibility for Software Supply Chain Security to Vendors
The recent publication of cybersecurity strategies by governments of leading economies could create significant change in software supply chain security by shifting responsibility towards vendors and imposing best practices. This blog looks at why this is happening, what the changes might be, and what challenges they could pose.
Are You Protected from the 12 Most Exploited Vulnerabilities?
Discover the 12 most exploited vulnerabilities that threaten organizations’ software and what dependency management strategies and tools will protect you from them.
Building a Preventive Strategy for Open-Source Software Security
Preventive application security doesn’t have to slow development or divert limited resources away from pressing business requirements. Instead, it can reduce an organization’s attack surface, minimize future security issues, and help keep businesses on track. Learn more in this white paper.
Special Report: Malicious Packages
Malicious packages are a growing threat, and they may already have infiltrated your applications. Like any malware, malicious packages can inflict significant damage. Learn more in this webinar with Jeanette Sherman, Sr. Product Marketing Manager – Mend.io.
Five Key Application Security Best Practices and Benefits for Maintaining Up-to-Date Dependencies
Learn the risks involved in using outdated dependencies, as well as the benefits and best practices involved in updating them.
There’s a New Stealer Variant in Town, and It’s Using Electron to Stay Fully Undetected
See the attack flow of this new info-stealer Mend.io detected and how it can stay undetected by abusing trusted development tools like Electron.
A New Version of Mend for Containers is Here
Mend for Containers allows you to scan container images and registries at scale, provides runtime vulnerability prioritization for Kubernetes clusters, and protects cloud-native applications from vulnerabilities and license risks throughout the SDLC.
Top Ten Tips to Choose a Great SAST Tool
Discover the top ten tips you should consider when choosing a SAST tool that’s right for you and your organization.
What Risks Do You Run from Brandjacking, and How Do You Overcome Them?
What is brandjacking, why is it such a threat, and what role do AppSec security practices play in thwarting it?
SBOMs: A Roadmap for a Secure Software Journey
Software supply chain threats and increasing regulatory pressures make supply chain security a top priority for software organizations. Software bills of materials (SBOMs) have emerged as an essential tool and a roadmap for organizations on their secure software journey. Join Jeff Martin, Vice President of Product Management – Mend.io in this panel of software security...
Product Demo Overview
See the Mend.io platform in action in a brief video overview.
Mend.io – Autopilot for AppSec
Explore Autopilot for AppSec. Mend.io seamlessly automates processes, integrating where devs already work while empowering security to ship without worry.
The New Era of AI-Powered Application Security. Part Three: How Can Application Security Cope With The Challenges Posed by AI?
Discover what approaches to consider when addressing AI’s application security risks.
Two Birds, One Stone: Shrinking Security Debt and Attack Surfaces
Cybersecurity teams and developers continually struggle to reconcile what can seem like two competing priorities: Delivering new capabilities and addressing existing security technical debt. Forward-leaning AppSec programs are finding smart ways to reduce security debt by instituting a strategic approach to managing security vulnerabilities. This approach starts by reducing the attack surface early on and...
The New Era of AI-Powered Application Security. Part Two: AI Security Vulnerability and Risk
Discover what vulnerabilities AI can cause and the application security risks it poses.
The New Era of AI-Powered Application Security. Part One: AI-Powered Application Security: Evolution or Revolution?
Find out why AI challenges traditional approaches to application security.
How Does SLSA Help Strengthen Software Supply Chain Security?
Find out what SLSA is and how it contributes to software supply chain security.
Why You Should Avoid Copy and Paste Code
Copy and pasting code from open source projects is never a good idea from a licensing, bug fix and vulnerability perspective. Read to avoid the risks.
Malicious Packages Special Report – Attacks Move Beyond Vulnerabilities
Threat actors are after our sensitive data. In 2023, the number of malicious packages published to Node Package Manager (npm) and RubyGems ballooned 315% compared to 2021, and 85% of malicious packages discovered in existing applications were capable of exfiltration – meaning they could cause an unauthorized transmission of information. Software packages containing malicious code...
Announcing the Open-Source Reliability Leaderboard: A New Resource for Preventive AppSec
Powered by data from Renovate, Mend.io’s popular open-source dependency management tool, the Leaderboard presents the top packages in terms of reliability across three of the most widely used languages.
Open-Source Reliability Leaderboard
Powered by data from Renovate Bot, Mend.io’s wildly popular open-source dependency management tool, the Leaderboard presents the top packages in terms of reliability across three of the most widely used languages - npm, Maven, and PyPi.
Open Source Risk Report Checklist
Check your open source risk with this checklist.
CVSS 4.0 — What’s New?
Find out why the CVSS is updating to version 4.0, what’s happening to it, and how we can get the best from it to strengthen your application security.
The Forrester Wave™: Software Composition Analysis, Q2 2023
Mend.io is described as a visionary that played an outsized role in shaping the SCA market, whose remediation-first approach has spurred innovation for better vulnerability prioritization and automated remediation.
How to Boost Confidence in Your Open Source Security with Mend Smart Merge Control
Learn how Mend Smart Merge Control strengthens your confidence in your open source security and your dependency health.
7 Best Practices for Modern AppSec Programs
Mend.io’s top team explains what they consider to be AppSec best practices, and how they maximize the ROI in an AppSec program.
Mend.io Launches AppSec Risk Assessment Program
Mend.io announces a new initiative designed to make it easier than ever for organizations to visualize and remediate their biggest sources of risk
Understanding the Anatomy of a Malicious Package Attack
Learn why malicious packages are a growing threat to application security, how they work, and what you can do to stop them
Mend.io and AWS Webinar: Five Principles of Modern Application Security Programs
Organizations of all kinds are experiencing increasing volumes, frequency and severity of cyberattacks. 71% of IT and security leaders say that their portfolio of applications has become more vulnerable in the last year alone, and cybercrime is expected to cost companies worldwide around $10.5 trillion annually by 2025. To fight this trend, organizations need a...
The Importance of Adopting Modern AppSec Practices
Security is an increasingly critical aspect of application development. As the volume of applications rapidly expands, so does the volume of source code, components, and dependencies used to create them. With them comes a growth in the potential attack surface and an escalation in the variety of threats to your application security. Mend.io CEO Rami...