Read about application security, DevSecOps, license compliance, supply chain security, and malicious packages.
Attackers are using automation to escalate their attacks. Here’s why and how you can use automation to defend your apps, software and codebase.
Discover seven key considerations for a successful and secure DevSecOps methodology to secure your software supply chain.
DevSecOps best practices are increasingly being adopted to better secure software supply chains. The challenge, though, is finding ways to operationalize these processes so they’re seamless and development and deployment don’t slow down. Join Shiri Arad Ivtsan, Senior Director of Product Management – Mend.io, in this editorial roundtable as these experts explore the challenges DevOps...
Organizations of all kinds are experiencing increasing volumes, frequency and severity of cyberattacks. 71% of IT and security leaders say that their portfolio of applications has become more vulnerable in the last year alone, and cybercrime is expected to cost companies worldwide around $10.5 trillion annually by 2025. To fight this trend, organizations need a...
Learn how Mend.io integration enhancements for Jira Security build seamless adoption and collaborative DevSecOps.
Learn more about challenges, best practices, and good strategies for dependency management, and discover our three favorite tips.
Research from Mend.io’s new Malicious Packages Special Report: Attacks Move Beyond Vulnerabilities illustrates the growing threat of malicious packages, including a 315 percent increase in attacks from 2021 to 2022.
How do fintech companies address the risks posed by vulnerabilities like Spring4Shell? Here’s how Mend tackled the issue for MSCI to speedily thwart any potential threats.
Discover the key considerations for building successful cloud security, according to a recent panel discussion attended by Mend’s Jack Marsal.
Learn the five key principles of modern application security and why they’re so vital.
Discover how financial services are embracing open source in this summary of the Fintech Open Source Foundation’s latest report.
Learn who should take responsibility for application security, according to Mend VP of Product Management Jeffrey Martin.
Docker is a complicated beast, and there is no simple trick you can use to maintain Docker container security. We offer a set of best practices to help you.
Open source vulnerabilities are in permanent growth mode. A significant quarterly increase in the number of malicious packages published in registries such as npm and rubygems has shown the increasing need to protect against this trending attack. At the same time, companies struggle to close the remediation gap on known vulnerable open source code. It’s...
Attacks targeting the software supply chain are on the rise. Learn why an SBOM is vital to Application Security and Compliance.
Our team detected an attack on npm packages that utilized typosquatting to compromise nearly 300 npm packages.
While detecting vulnerabilities is important, you also need to know the ones that pose the highest risk to your business. Learn why prioritizing vulnerabilities is vital to effective application security, the key considerations when prioritizing, and what an effective prioritization process looks like.
Until recently, application security testing was cumbersome and time-consuming. Now, enterprises using Azure DevOps Repos can add automated application security testing directly to the repo. This DevSecOps approach combines convenience for developers with features that security professionals want, such as centralized deployment, management and policy enforcement. If your organization uses Azure DevOps, attend this...
Building a modern application security program requires a robust DevSecOps environment built on collaboration. For many companies, that means shifting away from IT silos towards a shared-responsibility mindset regarding security across the organization.
Cloud-native applications are at particular risk from vulnerabilities in their code. Discover why and how you should assess these risks in order to reinforce your security.
Over the past three days, the Mend research team identified two separate attacks that published malicious packages to npm: a reverse remote shell as part of a typosquatting attack on the popular ‘cors’ package, and an ATO attack on the “Just Eat” organization.
Attacks on software supply chains have greatly accelerated the rate at which organizations are now embracing DevSecOps best practices to secure both legacy monolithic and emerging cloud-native applications. Adopting a DevSecOps approach can help maintain the speed of application development and deployment while ensuring the security and stability of applications. But the range of technologies...