Top Open Source Licenses Explained
Increase your knowledge of open source licenses by learning what the main types are, how they work, and how they differ.
Choose Your Type
Choose Your Topic
Our Latest Content
Building Security Culture Starts with Building Relationships
Development and security teams should be friends, not adversaries. Learn how to build trust and empathy between your teams.
Adversaries Are Using Automation. Software Vendors Must Catch Up
Attackers are using automation to escalate their attacks. Here’s why and how you can use automation to defend your apps, software and codebase.
Communicating the Value of Your Company With SBOMs
An SBOM is more than just a box to tick, it’s an opportunity to build trust with your customers. Here’s why and how to do that.
Tips and Tools for Open Source Compliance
Learn more about keeping track of open source licenses and the tools that can help.
Handling Open Source Context Licensing: Wrong Answers Only
Learn more about the need to identify open-source code and the license types being used. And, why you need to identify not just direct dependencies but also transitive dependencies.
What You Don’t Know Can Hurt You: Open Source License Compliance and M&A Activity
Learn more about the risk of not evaluating open source in M&A, how companies can prepare to avoid legal risks of non-compliance, and the role of open source license compliance.
Why You Should Avoid Copy and Paste Code
Copy and pasting code from open source projects is never a good idea from a licensing, bug fix and vulnerability perspective. Read to avoid the risks.
Open-Source Reliability Leaderboard
Powered by data from Renovate Bot, Mend.io’s wildly popular open-source dependency management tool, the Leaderboard presents the top packages in terms of reliability across three of the most widely used languages - npm, Maven, and PyPi.
Top 10 Questions About the Apache License
We’ve compiled a list of the top 10 questions and answers about the Apache open source software license.
The Top 10 Questions about the GPL License – Answered!
10 questions & answers about GPL - GNU’s General Public License, and one of the most popular open source licenses.
What You Should Know About Open Source License Compliance for M&A Activity
Learn why open source license compliance is essential and what you can do to ensure compliance in readiness for M&A activity
What is Software Composition Analysis (SCA)?
Find out what a Software Composition Analysis tool is and why it should be part of your application security portfolio.
RSA Conference 2023: Key Takeaways From Our Five Favorite Sessions
Key takeaways from five of the more noteworthy sessions we attended at RSA 2023.
RSA is Almost Here and We Have Thoughts
Read on to hear our predictions on the hot topics at RSA this year, and what Mend.io will be up to at the show.
Malicious Packages Special Report Reveals 315% Spike in Attacks
Research from Mend.io’s new Malicious Packages Special Report: Attacks Move Beyond Vulnerabilities illustrates the growing threat of malicious packages, including a 315 percent increase in attacks from 2021 to 2022.
Open Source License Management Tools: Features and Best Practices
Discover the essential features and best practices you should have in your license management tool.
Open Source License Management Tools: Challenges, Opportunities, and What to Look Out For
What should you look for in a modern open source license management tool, why and how to do so, the challenges and the future of open source license management.
Mend Open Source Risk Report
Mend’s new Open Source Risk Report delves into the significant risk posed by the ongoing rise in open source vulnerabilities and software supply chain attacks.
Malicious Code Deletes Directories If You Do Not Have a License
Mend researchers identify a new type of malicious code that deletes directories.
Why Open Source License Management Matters
Open source license management has become so important that governments are seeking to mandate it.
Introducing the Mend Open Source Risk Report
Mend’s new Open Source Risk Report delves into the significant risk posed by the ongoing rise in open source vulnerabilities and software supply chain attacks.
Modern Application Security Needs More Than Tech. Don’t Neglect Governance
Learn why teams that pay attention to governance by using a CSIRP are more successful at combating the continued growth of cyberattacks.
DevSecOps: A Comprehensive Guide to Securely Managing Your DevOps Workflow
Get to know all about DevSecOps and the main tools and practices that organizations should adopt in order to implement a DevSecOps pipeline.
Top Three User Priorities for Software Composition Analysis
On the PeerSpot technology review site, reviews from Mend SCA users highlighted the three top priorities that SCA users generally want: ease of use, risk mitigation, and a strong feature set and integration capabilities.
Advisory: New OpenSSL Critical Security Vulnerability
What we know about the new OpenSSL critical security vulnerability.
Six Golden Rules for Software and Application Security
To mark Cybersecurity Awareness Month, this primer helps simplify the complex subject of application security
Are You CODEfident?
We’ve been watching the global transition to an app-driven world for some time now, as companies develop and deploy innovative software at warp speed. And we’ve also watched application security teams struggle to keep up. Many try to use yesterday’s tools for today’s AppSec reality, while others wrestle with immature application security programs. And that’s...
Why Cybersecurity Must Mend Its Ways To Thwart Modern Threats
Rami Sass, CEO of Mend, sets out his vision in Forbes, on what enterprises should do to safeguard themselves against cybercriminals and cyberattacks.
Mining Malware History for Clues on Malicious Package Innovation
By comparing current malicious package trends with malware’s evolution over the past 20 years, we can predict a likely future direction for malicious packages.
From WhiteSource to Mend—A Rebrand Journey
When it comes to rebranding, it’s not about the destination, it’s about the journey How important is a company name, really? Turns out that it is pretty important, especially if the name you currently have does not represent what the company has become, or where it is going. Our name is what defines the vision,...
WhiteSource is Now Mend: You Code, We Cure
Volunteer delegation and charitable donations made to assist and aid those fleeing the crisis in the Ukraine
Open Source Licenses in 2022: Trends and Predictions
An overview of open source licensing trends in 2021 and predictions for what we can expect in open source in 2022
The Complete Guide for Open Source Licenses 2022
The Complete Guide for Open Source Licenses 2022
Celebrating Pride: LGBTQ+ Open Source Projects and Programs We Love
To celebrate Pride month, Mend is highlighting a few of our favorite open source projects and programs that support LGBTQ+ communities.
Top Tips for Technical Due Diligence Process
What is technical due diligence, why it is important for M&As, and which items you need to cover in your technical due diligence checklist.