Software Composition Analysis Explained
Find out what a Software Composition Analysis tool is and why it should be part of your application security portfolio.
Choose Your Type
Choose Your Topic
Our Latest Content
RSA Conference 2023: Key Takeaways From Our Five Favorite Sessions
Key takeaways from five of the more noteworthy sessions we attended at RSA 2023.
RSA is Almost Here and We Have Thoughts
Read on to hear our predictions on the hot topics at RSA this year, and what Mend.io will be up to at the show.
Malicious Packages Special Report: Attacks Move Beyond Vulnerabilities
Malicious packages are a growing threat, and they may already have infiltrated your applications. Malicious package attacks spiked significantly from 2021 to 2022, further indication of their growing security risk to the open source ecosystem. Mend.io research observed a 315 percent spike in the publication of malicious packages to open source registries such as npm...
Malicious Packages Special Report Reveals 315% Spike in Attacks
Research from Mend.io’s new Malicious Packages Special Report: Attacks Move Beyond Vulnerabilities illustrates the growing threat of malicious packages, including a 315 percent increase in attacks from 2021 to 2022.
Open Source License Management Tools: Challenges, Opportunities, and What to Look Out For
What should you look for in a modern open source license management tool, why and how to do so, the challenges and the future of open source license management.
FINOS: The 2022 State of Open Source in Financial Services
This report identifies the extent to which the financial services industry is active in open source, creating a baseline of understanding of governance, leadership, consumption, contribution, culture, and overall open source aspiration. Further, the report highlights the obstacles and challenges to improving industry-wide collaboration and concludes with a set of actionable insights for improving the...
Guide to Open Source Software Security
Learn how to build your open source security program.
Why an SBOM is Vital to Application Security and Compliance
Attacks targeting the software supply chain are on the rise. Learn why an SBOM is vital to Application Security and Compliance.
Introducing the Mend Open Source Risk Report
Mend’s new Open Source Risk Report delves into the significant risk posed by the ongoing rise in open source vulnerabilities and software supply chain attacks.
Modern Application Security Needs More Than Tech. Don’t Neglect Governance
Learn why teams that pay attention to governance by using a CSIRP are more successful at combating the continued growth of cyberattacks.
DevSecOps: A Comprehensive Guide to Securely Managing Your DevOps Workflow
Get to know all about DevSecOps and the main tools and practices that organizations should adopt in order to implement a DevSecOps pipeline.
Top Three User Priorities for Software Composition Analysis
On the PeerSpot technology review site, reviews from Mend SCA users highlighted the three top priorities that SCA users generally want: ease of use, risk mitigation, and a strong feature set and integration capabilities.
Advisory: New OpenSSL Critical Security Vulnerability
What we know about the new OpenSSL critical security vulnerability.
Six Golden Rules for Software and Application Security
To mark Cybersecurity Awareness Month, this primer helps simplify the complex subject of application security
Are You CODEfident?
We’ve been watching the global transition to an app-driven world for some time now, as companies develop and deploy innovative software at warp speed. And we’ve also watched application security teams struggle to keep up. Many try to use yesterday’s tools for today’s AppSec reality, while others wrestle with immature application security programs. And that’s...
Cybercriminals targeted users of packages with a total of 1.5 billion weekly downloads on npm
Another week, another supply chain incident. It’s been only nine days since the Mend research team detected the dYdX incident, and today we have detected another supply chain malicious campaign.
Popular Cryptocurrency Exchange dYdX Has Had Its NPM Account Hacked
San Francisco-based dYdX, a widely used decentralized crypto exchange with roughly $1 billion in daily trades, has had its NPM account hacked in a software supply chain attack detected by Mend Supply Chain Defender
Why Cybersecurity Must Mend Its Ways To Thwart Modern Threats
Rami Sass, CEO of Mend, sets out his vision in Forbes, on what enterprises should do to safeguard themselves against cybercriminals and cyberattacks.
Mining Malware History for Clues on Malicious Package Innovation
By comparing current malicious package trends with malware’s evolution over the past 20 years, we can predict a likely future direction for malicious packages.
Today’s Security Tidbit: An Encrypted JSON File Containing Malicious Code
The Mend research team analyzes a malicious package in which the harmful code is not only in a JSON file, but is also fully encrypted.
From WhiteSource to Mend—A Rebrand Journey
When it comes to rebranding, it’s not about the destination, it’s about the journey How important is a company name, really? Turns out that it is pretty important, especially if the name you currently have does not represent what the company has become, or where it is going. Our name is what defines the vision,...
WhiteSource is Now Mend: You Code, We Cure
Volunteer delegation and charitable donations made to assist and aid those fleeing the crisis in the Ukraine
Open Source Licenses in 2022: Trends and Predictions
An overview of open source licensing trends in 2021 and predictions for what we can expect in open source in 2022
The Forrester Wave: Software Composition Analysis, 2021 – WhiteSource Is a Leader
What’s in the report? Find out how the top 10 SCA vendors rank and why Forrester named WhiteSource a leader in their Software Composition Analysis Wave™ Report, Q3 2021. Why should Software Composition Analysis matter to you? Forrester reports that open source components made up 75% of all code bases in 2020, up from 36%...
The Complete Guide to Open Source Security
The ins and outs of open source security in one comprehensive guide. A full rundown of all security measures.
Celebrating Pride: LGBTQ+ Open Source Projects and Programs We Love
To celebrate Pride month, Mend is highlighting a few of our favorite open source projects and programs that support LGBTQ+ communities.
Top Tips for Technical Due Diligence Process
What is technical due diligence, why it is important for M&As, and which items you need to cover in your technical due diligence checklist.
Open Source License Comparison: Connecting and Contrasting The Dots
In the hopes of clearing up some of the confusion, we’ve mapped out some of the elements that can help us conduct an actionable open source license comparison.
All About Mend’s 2021 Open Source Security Vulnerabilities Report
Learn about new trends in the evolving world of open source security, and what you can do to stay secure.
The State of Open Source Vulnerabilities 2021
Mend Annual Report Open Source Vulnerabilities 2021
Top 3 AppSec Challenges to the Financial Industry
What are the top challenges facing the financial industry today, and how can financial institutions address them?
Mend on Mend
We here at Mend often get asked if we use our own software when we’re developing our product. It’s a fair question. Like most of our customers, we write a lot of code. A lot of code. And we want it to be secure. Really secure. So it should come as no surprise that the answer to...
Selecting Technology Solution To Comply With OpenChain ISO Standard
OpenChain ISO/IEC 5230 is the International Standard for open source license compliance. Its relevance to modern software development is growing and it allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program. The need to manage the software supply chain has never been more important given the ever-increasing dependence on third party...
Setting Up an Effective Vulnerability Management Policy
What you need to know in order to set up an effective and comprehensive vulnerability management process in your organization.
Renovating with Renovate
Renovate was originally created to scratch an internal itch, so we’ve been both enjoying its capabilities and testing them from day one. When people get started or get comfortable with using Renovate, it’s pretty understandable that they might look at the Renovate project itself as a reference user. We’ve put together this post to share how...