Six Steps to Achieve Zero Trust in Application Security
Discover the four steps to achieve zero trust in your application security and ensure that you can secure your application development quickly, early, and easily.
Choose Your Type
Choose Your Topic
Our Latest Content
Single Author Uploaded 168 Packages to npm as Part of a Massive Dependency Confusion Attack
Mend Supply Chain Defender reported and blocked a massive dependency confusion attack involving a single author uploading 168 packages to npm.
3 New GitHub Features to Reinforce Your Code, Repo, and Dependency Security
Discover three great new GitHub features to strengthen your security and learn why dependency security is vital to safeguarding your code and data.
Mend Epitomizes RSA 2022 Theme, “Transform”
Learn how Mend is bringing RSA 2022’s “transform” theme to life with its own transformation, what that means for customers, and what we’re anticipating from the conference.
From WhiteSource to Mend—A Rebrand Journey
When it comes to rebranding, it’s not about the destination, it’s about the journey How important is a company name, really? Turns out that it is pretty important, especially if the name you currently have does not represent what the company has become, or where it is going. Our name is what defines the vision,...
WhiteSource is Now Mend: You Code, We Cure
Volunteer delegation and charitable donations made to assist and aid those fleeing the crisis in the Ukraine
Vulnerability Remediation: A Practical Guide
Understand the difference between vulnerability remediation and mitigation. Discover tools and an organizational process that can help you remediate vulnerabilities.
Impact Analysis: CVE-2022-29218, Allows Unauthorized Takeover of New Gem Versions via Cache Poisoning
WhiteSource security analyzed the possible impact of a newly discovered RubyGems vulnerability that uses cache poisoning to implement an unauthorized takeover of new gem versions.
New Typosquating Attack on npm Package ‘colors’ Using Cross language Technique Explained
Mend security team blocked a malicious npm package that uses a novel approach to disguise and execution.
What is the NIST Supply Chain Risk Management Program?
Learn about the NIST C-SCRM program, its approach to supply chain security, and 4 critical best practices NIST recommends to secure your digital supply chains.
Plan and Protect: A Modern Plan for Open-Source Security
In today’s digital world, open-source software is vital to modern application development. And as we know, what’s important to the business world is important to threat actors. But how can companies successfully combat the rising tide of vulnerabilities? Join experts from WhiteSource and Microsoft as they discuss the value of blending proactive practices to code...
AWS Targeted by a Package Backfill Attack
On April 28 and April 30, respectively, Mend Diffend identified, blocked, and reported two packages we deemed were malicious versions of original Amazon Web Services (AWS) packages. Whitesource security experts have reached out to contacts at Amazon to notify them of our findings. This discovery may point to a new takeover method that targets packages...