Holistic AppSec and Software Supply Chain Security
Learn practical steps to building a sustainable application and software supply chain security strategy that meets today’s business demands and those that may arise in the future.
Read about application security, DevSecOps, license compliance, supply chain security, and malicious packages.
Discover why and how dependency management has become more significant as regulation and governance of the software supply chain escalates.
Attackers are using automation to escalate their attacks. Here’s why and how you can use automation to defend your apps, software and codebase.
An SBOM is more than just a box to tick; it’s an opportunity to build trust with your customers. Here’s why and how to do that.
Learn about supply chain security, supply chain attacks, and how to protect your organization against this severe threat.
Discover how software supply chain security regulations could develop and evolve, and what the outcome could be.
The recent publication of cybersecurity strategies by governments of leading economies could create significant change in software supply chain security by shifting responsibility towards vendors and imposing best practices. This blog looks at why this is happening, what the changes might be, and what challenges they could pose.
Discover the 12 most exploited vulnerabilities that threaten organizations’ software and what dependency management strategies and tools will protect you from them.
Discover eight key considerations to help you thwart the escalating threat of malicious packages and secure your software and applications.
Learn more about the need to identify open-source code and the license types being used, and why you need to identify not just direct dependencies but also transitive dependencies.
Discover the best practices you can employ to strengthen your software supply chain security.
Discover how software supply chain attacks work, their typical characteristics, and how you can assess the security of your software supply chain.
Discover seven key considerations for a successful and secure DevSecOps methodology to secure your software supply chain.
DevSecOps best practices are increasingly being adopted to better secure software supply chains. The challenge, though, is finding ways to operationalize these processes so they’re seamless and development and deployment don’t slow down. Join Shiri Arad Ivtsan, Senior Director of Product Management – Mend.io, in this editorial roundtable as these experts explore the challenges DevOps...
What is brandjacking, why is it such a threat, and what role do AppSec security practices play in thwarting it?
Find out what typosquatting is, why it is such a threat, and what you can do to stop it.
Software supply chain threats and increasing regulatory pressures make supply chain security a top priority for software organizations. Software bills of materials (SBOMs) have emerged as an essential tool and a roadmap for organizations on their secure software journey. Join Jeff Martin, Vice President of Product Management – Mend.io in this panel of software security...
An unlikely alliance is being forged between CISOs, software leaders and legal experts due to the ongoing rise in cyberattacks across the software supply chain and a shifting regulatory landscape. Join Sam Quackenbush, Sr. Director of Field Innovation & Strategy – Mend.io for this live panel roundtable to discuss some of the top cyberlaw and...
Find out what software vulnerability patching is and why it's important for software and application security.
Find out the key facts about software supply chain compliance, why it’s important and how best to implement it.
In addition to the growing number of vulnerabilities, today’s security teams face the emerging challenge of malicious packages. Learn how to secure your applications with this White Paper.
Find out what SLSA is and how it contributes to software supply chain security.
Discover why SBOMs are so important for software supply chain security and how you can best use them to secure your software and applications.
Check your open source risk with this checklist.
Mend.io announces a new initiative designed to make it easier than ever for organizations to visualize and remediate their biggest sources of risk.
Learn why malicious packages are a growing threat to application security, how they work, and what you can do to stop them.
Supply chain attacks made headlines in 2022, sending shockwaves through the industry as security and business leaders scrambled to reexamine the security of their own supply chains. In this webinar, experts talk through the stages of a supply chain attack and the different types of attacks to look for. You will also learn what tools...
Security leaders are scrambling to reexamine the security of their software supply chains. This report details how to protect software components and applications from attack, examining: The growing threat of malicious package attacks, as identified by Mend.io, and what you can do about them. The importance of software bills of materials in software supply chain...
Discover two of the key drivers behind the demand and adoption of SBOMs: technical and legislative.
Mend.io research discovered a threat actor takeover of the name ‘gemnasium-gitlab-service’, a retired Ruby gem with more than two million downloads. Existing projects that haven't updated their dependencies might unwittingly pull in this new version, assuming it's a continuation of the original. Given that the new gem is now controlled by an unknown entity, it could be altered to include malicious code or to perform undesirable actions.
Learn how Mend.io integration enhancements for Jira Security build seamless adoption and collaborative DevSecOps.
Open source code package repositories allow anyone to store or publish packages, and unfortunately that can include packages containing malware. These are known as malicious packages. Read on to learn about what they are and how they work.
Key takeaways from five of the more noteworthy sessions we attended at RSA 2023.
Read on to hear our predictions on the hot topics at RSA this year, and what Mend.io will be up to at the show.
Research from Mend.io’s new Malicious Packages Special Report: Attacks Move Beyond Vulnerabilities illustrates the growing threat of malicious packages, including a 315 percent increase in attacks from 2021 to 2022.
Discover the key considerations for building successful cloud security, according to a recent panel discussion attended by Mend’s Jack Marsal.