Holistic AppSec and Software Supply Chain Security
Learn practical steps to building a sustainable application and software supply chain security strategy that meets today’s business demands and those that may arise in the future.
Read about application security, DevSecOps, license compliance, supply chain security, and malicious packages.
Performing a vulnerability assessment is the first step towards securing your organization. We break down what you need to know and where to start.
Attackers are using automation to escalate their attacks. Here’s why and how you can use automation to defend your apps, software and codebase.
An SBOM is more than just a box to tick; it’s an opportunity to build trust with your customers. Here’s why and how to do that.
Learn about supply chain security, supply chain attacks, and how to protect your organization against this severe threat.
Discover how software supply chain security regulations could develop and evolve, and what the outcome could be.
The recent publication of cybersecurity strategies by governments of leading economies could create significant change in software supply chain security by shifting responsibility towards vendors and imposing best practices. This blog looks at why this is happening, what the changes might be, and what challenges they could pose.
Discover the 12 most exploited vulnerabilities that threaten organizations’ software and what dependency management strategies and tools will protect you from them.
Preventive application security doesn’t have to slow development or divert limited resources away from pressing business requirements. Instead, it can reduce an organization’s attack surface, minimize future security issues, and help keep businesses on track. Learn more in this white paper.
Malicious packages are a growing threat, and they may already have infiltrated your applications. Like any malware, malicious packages can inflict significant damage. Learn more in this webinar with Jeanette Sherman, Sr. Product Marketing Manager – Mend.io.
Learn the risks involved in using outdated dependencies, as well as the benefits and best practices involved in updating them.
See the attack flow of this new info-stealer Mend.io detected and how it can stay undetected by abusing trusted development tools like Electron.
Mend for Containers allows you to scan container images and registries at scale, provides runtime vulnerability prioritization for Kubernetes clusters, and protects cloud-native applications from vulnerabilities and license risks throughout the SDLC.
Discover the top ten tips you should consider when choosing a SAST tool that’s right for you and your organization.
What is brandjacking, why is it such a threat, and what role do AppSec security practices play in thwarting it?
Software supply chain threats and increasing regulatory pressures make supply chain security a top priority for software organizations. Software bills of materials (SBOMs) have emerged as an essential tool and a roadmap for organizations on their secure software journey. Join Jeff Martin, Vice President of Product Management – Mend.io in this panel of software security...
See the Mend.io platform in action in a brief video overview.
Explore Autopilot for AppSec. Mend.io seamlessly automates processes, integrating where devs already work while empowering security to ship without worry.
Discover what approaches to consider when addressing AI’s application security risks.
Cybersecurity teams and developers continually struggle to reconcile what can seem like two competing priorities: Delivering new capabilities and addressing existing security technical debt. Forward-leaning AppSec programs are finding smart ways to reduce security debt by instituting a strategic approach to managing security vulnerabilities. This approach starts by reducing the attack surface early on and...
Discover what vulnerabilities AI can cause and the application security risks it poses.
Find out why AI challenges traditional approaches to application security.
Find out what SLSA is and how it contributes to software supply chain security.
Copying and pasting code from open source projects is never a good idea from a licensing, bug fix and vulnerability perspective. Read to avoid the risks.
Threat actors are after our sensitive data. In 2023, the number of malicious packages published to Node Package Manager (npm) and RubyGems ballooned 315% compared to 2021, and 85% of malicious packages discovered in existing applications were capable of exfiltration – meaning they could cause an unauthorized transmission of information. Software packages containing malicious code...
Powered by data from Renovate, Mend.io’s popular open-source dependency management tool, the Leaderboard presents the top packages in terms of reliability across three of the most widely used languages.
Powered by data from Renovate Bot, Mend.io’s wildly popular open-source dependency management tool, the Leaderboard presents the top packages in terms of reliability across three of the most widely used languages: npm, Maven, and PyPI.
Check your open source risk with this checklist.
Find out why the CVSS is updating to version 4.0, what’s happening to it, and how we can get the best from it to strengthen your application security.
Mend.io is described as a visionary that played an outsized role in shaping the SCA market, whose remediation-first approach has spurred innovation for better vulnerability prioritization and automated remediation.
Learn how Mend Smart Merge Control strengthens your confidence in your open source security and your dependency health.
Mend.io’s top team explains what they consider to be AppSec best practices, and how they maximize the ROI in an AppSec program.
Mend.io announces a new initiative designed to make it easier than ever for organizations to visualize and remediate their biggest sources of risk.
Learn why malicious packages are a growing threat to application security, how they work, and what you can do to stop them.
Organizations of all kinds are experiencing increasing volumes, frequency and severity of cyberattacks. 71% of IT and security leaders say that their portfolio of applications has become more vulnerable in the last year alone, and cybercrime is expected to cost companies worldwide around $10.5 trillion annually by 2025. To fight this trend, organizations need a...
Security is an increasingly critical aspect of application development. As the volume of applications rapidly expands, so does the volume of source code, components, and dependencies used to create them. With them comes a growth in the potential attack surface and an escalation in the variety of threats to your application security. Mend.io CEO Rami...