What You Should Know About Open Source License Compliance for M&A Activity
Learn why open source license compliance is essential and what you can do to ensure compliance in readiness for M&A activity
Choose Your Type
Choose Your Topic
Our Latest Content
Software Composition Analysis Explained
Find out what a Software Composition Analysis tool is and why it should be part of your application security portfolio.
RSA Conference 2023: Key Takeaways From Our Five Favorite Sessions
Key takeaways from five of the more noteworthy sessions we attended at RSA 2023.
RSA is Almost Here and We Have Thoughts
Read on to hear our predictions on the hot topics at RSA this year, and what Mend.io will be up to at the show.
Malicious Packages Special Report Reveals 315% Spike in Attacks
Research from Mend.io’s new Malicious Packages Special Report: Attacks Move Beyond Vulnerabilities illustrates the growing threat of malicious packages, including a 315 percent increase in attacks from 2021 to 2022.
Open Source License Management Tools: Features and Best Practices
Discover the essential features and best practices you should have in your license management tool.
Open Source License Management Tools: Challenges, Opportunities, and What to Look Out For
What should you look for in a modern open source license management tool, why and how to do so, the challenges and the future of open source license management.
Top Open Source Licenses Explained
Increase your knowledge of open source licenses by learning what the main types are, how they work, and how they differ.
Mend Open Source Risk Report
Mend’s new Open Source Risk Report delves into the significant risk posed by the ongoing rise in open source vulnerabilities and software supply chain attacks.
Malicious Code Deletes Directories If You Do Not Have a License
Mend researchers identify a new type of malicious code that deletes directories.
Why Open Source License Management Matters
Open source license management has become so important that governments are seeking to mandate it.
Introducing the Mend Open Source Risk Report
Mend’s new Open Source Risk Report delves into the significant risk posed by the ongoing rise in open source vulnerabilities and software supply chain attacks.
Modern Application Security Needs More Than Tech. Don’t Neglect Governance
Learn why teams that pay attention to governance by using a CSIRP are more successful at combating the continued growth of cyberattacks.
DevSecOps: A Comprehensive Guide to Securely Managing Your DevOps Workflow
Get to know all about DevSecOps and the main tools and practices that organizations should adopt in order to implement a DevSecOps pipeline.
Top Three User Priorities for Software Composition Analysis
On the PeerSpot technology review site, reviews from Mend SCA users highlighted the three top priorities that SCA users generally want: ease of use, risk mitigation, and a strong feature set and integration capabilities.
Advisory: New OpenSSL Critical Security Vulnerability
What we know about the new OpenSSL critical security vulnerability.
Six Golden Rules for Software and Application Security
To mark Cybersecurity Awareness Month, this primer helps simplify the complex subject of application security
Are You CODEfident?
We’ve been watching the global transition to an app-driven world for some time now, as companies develop and deploy innovative software at warp speed. And we’ve also watched application security teams struggle to keep up. Many try to use yesterday’s tools for today’s AppSec reality, while others wrestle with immature application security programs. And that’s...
Why Cybersecurity Must Mend Its Ways To Thwart Modern Threats
Rami Sass, CEO of Mend, sets out his vision in Forbes, on what enterprises should do to safeguard themselves against cybercriminals and cyberattacks.
Mining Malware History for Clues on Malicious Package Innovation
By comparing current malicious package trends with malware’s evolution over the past 20 years, we can predict a likely future direction for malicious packages.
From WhiteSource to Mend—A Rebrand Journey
When it comes to rebranding, it’s not about the destination, it’s about the journey How important is a company name, really? Turns out that it is pretty important, especially if the name you currently have does not represent what the company has become, or where it is going. Our name is what defines the vision,...
WhiteSource is Now Mend: You Code, We Cure
Volunteer delegation and charitable donations made to assist and aid those fleeing the crisis in the Ukraine
Open Source Licenses in 2022: Trends and Predictions
An overview of open source licensing trends in 2021 and predictions for what we can expect in open source in 2022
The Complete Guide for Open Source Licenses 2022
The Complete Guide for Open Source Licenses 2022
Celebrating Pride: LGBTQ+ Open Source Projects and Programs We Love
To celebrate Pride month, Mend is highlighting a few of our favorite open source projects and programs that support LGBTQ+ communities.
Top 10 GPL License Questions Answered
10 questions & answers about GPL - GNU’s General Public License, and one of the most popular open source licenses.
Top Tips for Technical Due Diligence Process
What is technical due diligence, why it is important for M&As, and which items you need to cover in your technical due diligence checklist.
Open Source License Comparison: Connecting and Contrasting The Dots
In the hopes of clearing up some of the confusion, we’ve mapped out some of the elements that can help us conduct an actionable open source license comparison.
Top 10 Apache License Questions Answered
We’ve compiled a list of the top 10 questions and answers about the Apache open source software license.
Mend on Mend
We here at Mend often get asked if we use our own software when we’re developing our product. It’s a fair question. Like most of our customers, we write a lot of code. A lot of code. And we want it to be secure. Really secure. So it should come as no surprise that the answer to...
Selecting Technology Solution To Comply With OpenChain ISO Standard
OpenChain ISO/IEC 5230 is the International Standard for open source license compliance. Its relevance to modern software development is growing and it allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program. The need to manage the software supply chain has never been more important given the ever-increasing dependence on third party...
Three Open Source Software Security Myths Dispelled
Myths persist about the usage of open source components. The following are the top 3 concerns associated with open source use.
ISIT Shifting Compliance & Security Left – Into the Hands of The Developers
The software world is alive with talk of shifting left – but what does it really mean? Theoretically, it means shifting responsibility for security & compliance to developers. In practice, it largely means enriching CI/CD processes to detect problematic licenses & vulnerabilities before they reach the main branch or production. Shiri Arad Ivtsan, Director of Product Management at WhiteSource will discuss...
FOSSAware -Software Composition Analysis application as part of an effective Open Source compliance program
Encompassing over two-thirds of the average commercial software, open-source has become an essential part of modern software development. Undermanaging the consumption and redistribution of Open source expose the enterprise to extensive legal and security risks and is no longer a viable option. Having an effective Open Source compliance program is a key differentiator marking industry-leading...
Open Source Licenses Explained
What's the difference between copyleft and permissive? Should you use a GNU GPL or MIT open source license? Open source licensing basics explained.
How to Set Up an Open Source Strategy
How to set up and implement an open source strategy that will ensure open source security and compliance.