Adversaries Are Using Automation. Software Vendors Must Catch Up
Attackers are using automation to escalate their attacks. Here’s why and how you can use automation to defend your apps, software and codebase.
Read about application security, DevSecOps, license compliance, supply chain security, and malicious packages.
An SBOM is more than just a box to tick, it’s an opportunity to build trust with your customers. Here’s why and how to do that.
Find out what a Software Composition Analysis tool is and why it should be part of your application security portfolio.
Key takeaways from five of the more noteworthy sessions we attended at RSA 2023.
Read on to hear our predictions on the hot topics at RSA this year, and what Mend.io will be up to at the show.
Malicious packages are a growing threat, and they may already have infiltrated your applications. Malicious package attacks spiked significantly from 2021 to 2022, further indication of their growing security risk to the open source ecosystem. Mend.io research observed a 315 percent spike in the publication of malicious packages to open source registries such as npm...
Research from Mend.io’s new Malicious Packages Special Report: Attacks Move Beyond Vulnerabilities illustrates the growing threat of malicious packages, including a 315 percent increase in attacks from 2021 to 2022.
What to look for in a modern open source license management tool, why and how to use one, the challenges involved, and the future of open source license management.
This report identifies the extent to which the financial services industry is active in open source, creating a baseline of understanding of governance, leadership, consumption, contribution, culture, and overall open source aspiration. Further, the report highlights the obstacles and challenges to improving industry-wide collaboration and concludes with a set of actionable insights for improving the...
Learn how to build your open source security program.
Attacks targeting the software supply chain are on the rise. Learn why an SBOM is vital to Application Security and Compliance.
Mend’s new Open Source Risk Report delves into the significant risk posed by the ongoing rise in open source vulnerabilities and software supply chain attacks.
Learn why teams that pay attention to governance by using a CSIRP are more successful at combating the continued growth of cyberattacks.
Get to know all about DevSecOps and the main tools and practices that organizations should adopt in order to implement a DevSecOps pipeline.
On the PeerSpot technology review site, reviews from Mend SCA users highlighted the three top priorities that SCA users generally want: ease of use, risk mitigation, and a strong feature set and integration capabilities.
What we know about the new OpenSSL critical security vulnerability.
To mark Cybersecurity Awareness Month, this primer helps simplify the complex subject of application security.
We’ve been watching the global transition to an app-driven world for some time now, as companies develop and deploy innovative software at warp speed. And we’ve also watched application security teams struggle to keep up. Many try to use yesterday’s tools for today’s AppSec reality, while others wrestle with immature application security programs. And that’s...
Another week, another supply chain incident. It’s been only nine days since the Mend research team detected the dYdX incident, and today we have detected another supply chain malicious campaign.
San Francisco-based dYdX, a widely used decentralized crypto exchange with roughly $1 billion in daily trades, has had its NPM account hacked in a software supply chain attack detected by Mend Supply Chain Defender.
Rami Sass, CEO of Mend, sets out his vision in Forbes, on what enterprises should do to safeguard themselves against cybercriminals and cyberattacks.
By comparing current malicious package trends with malware’s evolution over the past 20 years, we can predict a likely future direction for malicious packages.
The Mend research team analyzes a malicious package in which the harmful code is not only in a JSON file, but is also fully encrypted.
When it comes to rebranding, it’s not about the destination, it’s about the journey. How important is a company name, really? Turns out that it is pretty important, especially if the name you currently have does not represent what the company has become, or where it is going. Our name is what defines the vision,...
Volunteer delegation and charitable donations made to assist and aid those fleeing the crisis in Ukraine.
An overview of open source licensing trends in 2021 and predictions for what we can expect in open source in 2022.
The ins and outs of open source security in one comprehensive guide. A full rundown of all security measures.
To celebrate Pride month, Mend is highlighting a few of our favorite open source projects and programs that support LGBTQ+ communities.
What technical due diligence is, why it matters for M&As, and which items you need to cover in your technical due diligence checklist.
In the hopes of clearing up some of the confusion, we’ve mapped out some of the elements that can help us conduct an actionable open source license comparison.
Learn about new trends in the evolving world of open source security, and what you can do to stay secure.
Mend Annual Report: Open Source Vulnerabilities 2021
What are the top challenges facing the financial industry today, and how can financial institutions address them?
We here at Mend often get asked if we use our own software when we’re developing our product. It’s a fair question. Like most of our customers, we write a lot of code. A lot of code. And we want it to be secure. Really secure. So it should come as no surprise that the answer to...
OpenChain ISO/IEC 5230 is the International Standard for open source license compliance. Its relevance to modern software development is growing and it allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program. The need to manage the software supply chain has never been more important given the ever-increasing dependence on third party...
What you need to know in order to set up an effective and comprehensive vulnerability management process in your organization.