Modern Application Security Needs More Than Tech. Don’t Neglect Governance
Learn why teams that pay attention to governance by using a CSIRP are more successful at combating the continued growth of cyberattacks.
Choose Your Type
Choose Your Topic
Our Latest Content
DevSecOps – All You Need To Know
Get to know all about DevSecOps and the main tools and practices that organizations should adopt in order to implement a DevSecOps pipeline.
Top Three User Priorities for Software Composition Analysis
On the PeerSpot technology review site, reviews from Mend SCA users highlighted the three top priorities that SCA users generally want: ease of use, risk mitigation, and a strong feature set and integration capabilities.
Advisory: New OpenSSL Critical Security Vulnerability
What we know about the new OpenSSL critical security vulnerability.
Meticulous Prep and Planning–A Linchpin of Modern AppSec Programs
Explaining the first principle of modern application security programs: meticulous prep and planning.
Six Golden Rules for Software and Application Security
To mark Cybersecurity Awareness Month, this primer helps simplify the complex subject of application security
Are You CODEfident?
We’ve been watching the global transition to an app-driven world for some time now, as companies develop and deploy innovative software at warp speed. And we’ve also watched application security teams struggle to keep up. Many try to use yesterday’s tools for today’s AppSec reality, while others wrestle with immature application security programs. And that’s...
Cybercriminals targeted users of packages with a total of 1.5 billion weekly downloads on npm
Another week, another supply chain incident. It’s been only nine days since the Mend research team detected the dYdX incident, and today we have detected another supply chain malicious campaign.
Building a Modern Application Security Strategy for an App-Run World
As a foundational element of the online world, applications are a top target for threat actors. However, traditional application security (AppSec) strategies often prove ineffective. To adapt and defend against our constantly evolving threat landscape, organizations need to build a modern AppSec strategy based on today’s digital world. Join Jeffrey Martin, VP of Outbound Product...
Popular Cryptocurrency Exchange dYdX Has Had Its NPM Account Hacked
San Francisco-based dYdX, a widely used decentralized crypto exchange with roughly $1 billion in daily trades, has had its NPM account hacked in a software supply chain attack detected by Mend Supply Chain Defender
How Manufacturing Companies can Safeguard Software and Assure Robust Quality and Compliance
Software and application security and compliance can have an impact on traditional manufacturing businesses, especially those working at scale. Learn why, and how Mend has helped the manufacturer, Kärcher, meet these challenges.
Gartner® Report – Hype Cycle™ for Application Security, 2022
“The latest Gartner report recommends that security and risk management leaders adopt a composable view of application security. They should focus on orchestrating multiple application security innovations to serve as a coherent defense, rather than relying on a set of stand-alone products.” Download this report from Gartner to learn: The different application security tools that...
Why Cybersecurity Must Mend Its Ways To Thwart Modern Threats
Rami Sass, CEO of Mend, sets out his vision in Forbes, on what enterprises should do to safeguard themselves against cybercriminals and cyberattacks.
Mining Malware History for Clues on Malicious Package Innovation
By comparing current malicious package trends with malware’s evolution over the past 20 years, we can predict a likely future direction for malicious packages.
Mend API Helps Make SBOMs Simple
Discover how Mend has accelerated and automated the production of SBOMs with an API
Today’s Security Tidbit: An Encrypted JSON File Containing Malicious Code
The Mend research team analyzes a malicious package in which the harmful code is not only in a JSON file, but is also fully encrypted.
Forrester: The State Of Application Security, 2022
Application security teams face myriad challenges in 2022. Applications are once again the number one way in for malicious actors, and software supply chain vulnerabilities continue to climb. To move forward effectively, security professionals need to find a way to move beyond a tactical and reactive mindset to rebuild an application security that integrates tightly...
Attacker Floods npm With Crypto-Mining Packages that Mine Monero When Installed with Default Configuration
Monero (XMR) is an open-source, privacy-oriented cryptocurrency that was launched in 2014. It uses a public distributed ledger containing technology that obscures transaction details to ensure the anonymity of its users. Monero maintains egalitarian mining, allowing anyone to participate. As tempting as it may seem, some go a step further and use the infrastructure of...
3 Critical Best Practices of Software Supply Chain Security:
Understand how software supply chains work in large enterprises, discover the most important elements of software supply chain management, and how Mend can address them.
A Weaponized npm Package ‘@core-pas/cyb-core’ Proclaimed Pentesting Related
On June 6th, 2022, the Mend research team detected and flagged a malicious dependency confusion attack in npm exfiltrating Windows SAM and SYSTEM files.
Introducing Mend Supply Chain Defender Integration with JFrog Artifactory
Mend announces integration of Supply Chain Defender (formerly Diffend) with JFrog Artifactory Plug-In.
From WhiteSource to Mend—A Rebrand Journey
When it comes to rebranding, it’s not about the destination, it’s about the journey How important is a company name, really? Turns out that it is pretty important, especially if the name you currently have does not represent what the company has become, or where it is going. Our name is what defines the vision,...
WhiteSource is Now Mend: You Code, We Cure
Volunteer delegation and charitable donations made to assist and aid those fleeing the crisis in the Ukraine
What is the NIST Supply Chain Risk Management Program?
Learn about the NIST C-SCRM program, its approach to supply chain security, and 4 critical best practices NIST recommends to secure your digital supply chains.
5 Vulnerability Assessment Scanning Tools: 5 Solutions Compared
Learn how vulnerability assessment tools work, key features and capabilities, and discover five great tools that can help you scan and remediate vulnerabilities.
Automated Software Supply Chain Attacks: Should You be Worried?
From the factory floor to online shopping, the benefits of automation are clear: Larger quantities of products and services can be produced much faster. But automation can also be used for malicious purposes, as illustrated by the ongoing software supply chain attack targeting the NPM package repository. By automating the process of creating and publishing...
Bad Actors Are Targeting npms: How to Protect Your Supply Chain
Learn how the most popular JavaScript package manager, npm, is being used by malicious actors to launch attacks, run botnets and steal credentials and cryptocurrency. Attend this webinar to: Gain insight into the 1,300 malicious npm packages found by WhiteSource Diffend Learn how threat actors are using npms to launch attacks—and how to stop them...
Best Practices For Managing Ruby Supply Chain Security Risks
Understand the types of Ruby supply chain attacks. Learn the best practices for preventing supply chain security risks in your Ruby projects.
A Guide To Implementing Software Supply Chain Risk Management
Learn how to implement a software supply chain risk management strategy in your enterprise. Discover risk management best practices, benefits, and more.
SCA Your First Step Toward Supply Chain Security
Research shows that open source supply chain attacks are now the #2 most common attack vector. The breach of SolarWinds showed just how devastating a software supply chain attack can be. Protecting the software supply chain is a complex challenge that includes code signing, identity and access management, policy and software composition analysis (SCA).
How Sweet It Is – Thinking About SBOMs In Relation to Chocolate
What are the ingredients that go into our software supply chain? Understanding why we need SBOMs.
THE DEVIL IN THE DETAILS The Importance of SBOMs in Protecting the Software Supply Chain
Learn how to use SBOMs to better track and fix known and newly emerging vulnerabilities to keep your applications secure.
Popular JavaScript Library ua-parser-js Compromised via Account Takeover
A popular npm package with more than 7 million weekly downloads was compromised, bringing supply chain security into the headlines once again.
Managing Supply Chain Security Risks in the Enterprise
The sharp increase in attacks on organizations’ software supply chains requires policy makers to address supply chain risks with a more structured approach. President Biden’s Cybersecurity Executive Order #14028 and NTIA’s Software Component Transparency initiative aim to strengthen supply chain security through advanced visibility over organizations’ software bill of materials (SBOM). It’s crucial to formulate...
Using Zero Trust to Mitigate Supply Chain Risks
Learn how Zero Trust model can boost your software supply chain security.
The 2021 OWASP Top 10
We break down the basics of what you need to know about the OWASP Top 10 Vulnerabilities List 2021 & how to use it the right way to support your dev team.