Welcome To Mend Resource Center

Read about application security, DevSecOps, open source license compliance and audit

Choose Your Type

Choose Your Topic

Our Latest Content

Are You CODEfident?

We’ve been watching the global transition to an app-driven world for some time now, as companies develop and deploy innovative software at warp speed. And we’ve also watched application security teams struggle to keep up. Many try to use yesterday’s tools for today’s AppSec reality, while others wrestle with immature application security programs. And that’s...

Building a Modern Application Security Strategy for an App-Run World

As a foundational element of the online world, applications are a top target for threat actors. However, traditional application security (AppSec) strategies often prove ineffective. To adapt and defend against our constantly evolving threat landscape, organizations need to build a modern AppSec strategy based on today’s digital world. Join Jeffrey Martin, VP of Outbound Product...

Gartner® Report – Hype Cycle™ for Application Security, 2022

“The latest Gartner report recommends that security and risk management leaders adopt a composable view of application security. They should focus on orchestrating multiple application security innovations to serve as a coherent defense, rather than relying on a set of stand-alone products.” Download this report from Gartner to learn: The different application security tools that...

Attacker Floods npm With Crypto-Mining Packages that Mine Monero When Installed with Default Configuration

Monero (XMR) is an open-source, privacy-oriented cryptocurrency that was launched in 2014. It uses a public distributed ledger containing technology that obscures transaction details to ensure the anonymity of its users. Monero maintains egalitarian mining, allowing anyone to participate. As tempting as it may seem, some go a step further and use the infrastructure of...

Automated Software Supply Chain Attacks: Should You be Worried?

From the factory floor to online shopping, the benefits of automation are clear: Larger quantities of products and services can be produced much faster. But automation can also be used for malicious purposes, as illustrated by the ongoing software supply chain attack targeting the NPM package repository. By automating the process of creating and publishing...

SCA Your First Step Toward Supply Chain Security

Research shows that open source supply chain attacks are now the #2 most common attack vector. The breach of SolarWinds showed just how devastating a software supply chain attack can be. Protecting the software supply chain is a complex challenge that includes code signing, identity and access management, policy and software composition analysis (SCA).

Managing Supply Chain Security Risks in the Enterprise

The sharp increase in attacks on organizations’ software supply chains requires policy makers to address supply chain risks with a more structured approach. President Biden’s Cybersecurity Executive Order #14028 and NTIA’s Software Component Transparency initiative aim to strengthen supply chain security through advanced visibility over organizations’ software bill of materials (SBOM). It’s crucial to formulate...