Holistic AppSec and Software Supply Chain Security
Learn practical steps to building a sustainable application and software supply chain security strategy that meets today’s business demands and those that may arise in the future.
Choose Your Type
Choose Your Topic
Our Latest Content
What Role Should Dependency Management Play as the Regulation of the Software Supply Chain Escalates?
Discover why and how dependency management has become more significant as regulation and governance of the software supply chain escalates.
Adversaries Are Using Automation. Software Vendors Must Catch Up
Attackers are using automation to escalate their attacks. Here’s why and how you can use automation to defend your apps, software and codebase.
Communicating the Value of Your Company With SBOMs
An SBOM is more than just a box to tick, it’s an opportunity to build trust with your customers. Here’s why and how to do that.
Software Supply Chain Security: The Basics and Four Critical Best Practices
Learn about supply chain security, supply chain attacks, and how to protect your organization against this severe threat.
How Software Supply Chain Security Regulation Will Develop, and What Will It Look Like?
Discover how software supply chain security regulations could develop and evolve, and what the outcome could be.
Why Legal Regulation Shifts Responsibility for Software Supply Chain Security to Vendors
The recent publication of cybersecurity strategies by governments of leading economies could create significant change in software supply chain security by shifting responsibility towards vendors and imposing best practices. This blog looks at why this is happening, what the changes might be, and what challenges they could pose.
Are You Protected from the 12 Most Exploited Vulnerabilities?
Discover the 12 most exploited vulnerabilities that threaten organizations’ software and what dependency management strategies and tools will protect you from them.
Eight Considerations for Thwarting Malicious Packages
Discover eight key considerations to help you thwart the escalating threat of malicious packages and secure your software and applications.
Handling Open Source Context Licensing: Wrong Answers Only
Learn more about the need to identify open-source code and the license types being used. And, why you need to identify not just direct dependencies but also transitive dependencies.
What You Can Do to Stop Software Supply Chain Attacks
Discover the best practices you can employ to strengthen your software supply chain security.
How Software Supply Chain Attacks Work, and How to Assess Your Software Supply Chain Security
Discover how software supply chain attacks work, their typical characteristics, and how you can assess the security of your software supply chain.
Seven DevSecOps Best Practices: Challenges and How to Address Them
Discover seven key considerations for a successful and secure DevSecOps methodology to secure your software supply chain.
Operationalizing DevSecOps
DevSecOps best practices are increasingly being adopted to better secure software supply chains. The challenge, though, is finding ways to operationalize these processes so they’re seamless and development and deployment don’t slow down. Join Shiri Arad Ivtsan, Senior Director of Product Management – Mend.io, in this editorial roundtable as these experts explore the challenges DevOps...
What Risks Do You Run from Brandjacking, and How Do You Overcome Them?
What is brandjacking, why is it such a threat, and what role do AppSec security practices play in thwarting it?
What Cybersecurity Risks Does Typosquatting Pose, and How Can You Beat Them?
Find out what typosquatting is, why it is such a threat, and what you can do to stop it.
SBOMs: A Roadmap for a Secure Software Journey
Software supply chain threats and increasing regulatory pressures make supply chain security a top priority for software organizations. Software bills of materials (SBOMs) have emerged as an essential tool and a roadmap for organizations on their secure software journey. Join Jeff Martin, Vice President of Product Management – Mend.io in this panel of software security...
Strange Bedfellows: Software, Security and the Law
An unlikely alliance is being forged between CISOs, software leaders and legal experts due to the ongoing rise in cyberattacks across the software supply chain and a shifting regulatory landscape. Join Sam Quackenbush, Sr. Director of Field Innovation & Strategy – Mend.io for this live panel roundtable to discuss some of the top cyberlaw and...
Why is Software Vulnerability Patching Crucial for Your Software and Application Security?
Find out what software vulnerability patching is and why it's important for software and application security.
Software Supply Chain Compliance: Ensuring Security and Trust in Your Software and Applications
Find out the key facts about software supply chain compliance, why it’s important and how best to implement it.
Malicious Packages: A Growing Threat to the Software Supply Chain
In addition to the growing number of vulnerabilities, today’s security teams face the emerging challenge of malicious packages. Learn how to secure your applications with this White Paper.
How Does SLSA Help Strengthen Software Supply Chain Security?
Find out what SLSA is and how it contributes to software supply chain security.
Five Tips for Using SBOMs to Boost Supply Chain Security
Discover why SBOMs are so important for software supply chain security and how you can best use them to secure your software and applications.
Open Source Risk Report Checklist
Check your open source risk with this checklist.
Mend.io Launches AppSec Risk Assessment Program
Mend.io announces a new initiative designed to make it easier than ever for organizations to visualize and remediate their biggest sources of risk
Understanding the Anatomy of a Malicious Package Attack
Learn why malicious packages are a growing threat to application security, how they work, and what you can do to stop them
How Supply Chain Attacks Work – And What You Can Do to Stop Them
Supply chain attacks made headlines in 2022, sending shockwaves through the industry as security and business leaders scrambled to reexamine the security of their own supply chains. In this webinar, experts talk through the stages of a supply chain attack and the different types of attacks to look for. You will also learn what tools...
How Supply Chain Attacks Work – and How to Stop Them
Security leaders are scrambling to reexamine the security of their software supply chains. This report details how to protect software components and applications from attack, examining: The growing threat of malicious package attacks, as identified by Mend.io, and what you can do about them. The importance of software bills of materials in software supply chain...
What’s Driving the Adoption of SBOMs? What’s Next for Them?
Discover two of the key drivers behind the demand and adoption of SBOMs: technical and legislative.
The Unseen Risks of Open Source Dependencies: The Case of an Abandoned Name
Mend.io research discovered a threat actor takeover of the name ‘gemnasium-gitlab-service', a retired Ruby gem with more than two million downloads. Existing projects that haven't updated their dependencies might unwittingly pull in this new version, assuming it's a continuation of the original. Given that the new gem is now controlled by an unknown entity, it could be altered to include malicious code or to perform undesirable actions.
Mend.io + Jira Security: Doing DevSecOps Better Together
Learn how Mend.io integration enhancements for Jira Security build seamless adoption and collaborative DevSecOps.
What are Malicious Packages? How Do They Work?
Open source code package repositories allow anyone to store or publish packages, and unfortunately that can include packages containing malware. These are known as malicious packages. Read on to learn about what they are and how they work.
RSA Conference 2023: Key Takeaways From Our Five Favorite Sessions
Key takeaways from five of the more noteworthy sessions we attended at RSA 2023.
RSA is Almost Here and We Have Thoughts
Read on to hear our predictions on the hot topics at RSA this year, and what Mend.io will be up to at the show.
Malicious Packages Special Report Reveals 315% Spike in Attacks
Research from Mend.io’s new Malicious Packages Special Report: Attacks Move Beyond Vulnerabilities illustrates the growing threat of malicious packages, including a 315 percent increase in attacks from 2021 to 2022.
Key Considerations for Building a Successful Cloud Security Program
Discover what the key considerations are for building a successful cloud security, according to a recent panel discussion attended by Mend’s Jack Marsal.