Six Golden Rules for Software and Application Security
To mark Cybersecurity Awareness Month, this primer helps simplify the complex subject of application security
Choose Your Type
Choose Your Topic
Our Latest Blog Posts
Are You CODEfident?
We’ve been watching the global transition to an app-driven world for some time now, as companies develop and deploy innovative software at warp speed. And we’ve also watched application security teams struggle to keep up. Many try to use yesterday’s tools for today’s AppSec reality, while others wrestle with immature application security programs. And that’s...
Cybercriminals targeted users of packages with a total of 1.5 billion weekly downloads on npm
Another week, another supply chain incident. It’s been only nine days since the Mend research team detected the dYdX incident, and today we have detected another supply chain malicious campaign.
How Mentorship Builds Capabilities and Enhances Working Together at Mend
With a fresh example from Mend, discover how mentoring partnerships provide benefits that exceed individual growth by fostering a deeper understanding of how other parts of the organization work and how people can work better together.
Popular Cryptocurrency Exchange dYdX Has Had Its NPM Account Hacked
San Francisco-based dYdX, a widely used decentralized crypto exchange with roughly $1 billion in daily trades, has had its NPM account hacked in a software supply chain attack detected by Mend Supply Chain Defender
Growth Through Mentorship at Mend
It’s a common claim from many companies that their people are their most valuable asset. What’s less common, however, is the evidence to back this up. But at Mend, we have matched our commitment to our teams with learning and development opportunities to support the personal and professional growth of our Menders. As the company...
How Manufacturing Companies can Safeguard Software and Assure Robust Quality and Compliance
Software and application security and compliance can have an impact on traditional manufacturing businesses, especially those working at scale. Learn why, and how Mend has helped the manufacturer, Kärcher, meet these challenges.
White House Issues New Guidelines on Software Supply Chain Security – What Are the Challenges and Possible Outcomes?
The White House and the Executive Office of the President of the U.S, have just issued a memorandum of guidelines to enhance the security of the software supply chain through secure software development practices. This follows two new acts from U.S. Congress that strengthen cybersecurity and information security and an executive order on cybersecurity from the office of the U.S. President. Discover what their key points are, why they've been introduced, and how they might shape the future of cybersecurity.
Four Key Areas Every Cybersecurity Leader Should Focus on to Ensure Their Company is Protected
Daniel Elkabes, Mend’s vulnerability research team leader, sets out what he considers to be the four critical areas every cybersecurity leader should be investing in now to help set their team up for success.
Application Security Debt – Warnings and Solutions
In an interview with Michael Vizard from the Techstrong Group, Jeff Martin VP product for Mend, outlines his view on why security must now be an integral part of shipping software, how far security automation can currently go, and the importance of making security a vital part of developers’ education.
3 Key Questions for Smart AppSec Automation
Automating AppSec could prove tremendously helpful, but many security teams are slow to trust automated tools. These three questions can help cybersecurity professionals embrace automation without increasing risk.
Why Cybersecurity Must Mend Its Ways To Thwart Modern Threats
Rami Sass, CEO of Mend, sets out his vision in Forbes, on what enterprises should do to safeguard themselves against cybercriminals and cyberattacks.
Empowering Women for Leadership at Mend
Mend marks Women’s Equality Day by describing how the company meets the challenge of equality with its “Ready to Grow” program, and the success it has achieved so far in promoting equality in leadership and opportunities for women and others
Mining Malware History for Clues on Malicious Package Innovation
By comparing current malicious package trends with malware’s evolution over the past 20 years, we can predict a likely future direction for malicious packages.
Mend API Helps Make SBOMs Simple
Discover how Mend has accelerated and automated the production of SBOMs with an API
Today’s Security Tidbit: An Encrypted JSON File Containing Malicious Code
The Mend research team analyzes a malicious package in which the harmful code is not only in a JSON file, but is also fully encrypted.
How attackers leverage example apps/reproduction scripts to attack OSS maintainers
Discover how attackers can leverage example apps/reproduction scripts to attack OSS maintainers, why this is such a serious threat, and how to stop them
How to Conquer Remote Code Execution (RCE) in npm
Discover why npm is susceptible to RCE, why it’s such a serious threat, the characteristics of RCE in npm, what should be done to stop it, and how Mend Supply Chain Defender achieves this.
Three Big Myths About Application Testing With SAST Tools
Learn to differentiate between myths and facts in application testing with SAST security tools. Know how to adopt a successful SAST strategy.
A Brief Guide to Cloud-Native Applications, Technology, and Security
Understand cloud native applications, the technology behind them, and their and security - why it’s important and how it relates to safeguarding cloud native applications
Attacker Floods npm With Crypto-Mining Packages that Mine Monero When Installed with Default Configuration
Monero (XMR) is an open-source, privacy-oriented cryptocurrency that was launched in 2014. It uses a public distributed ledger containing technology that obscures transaction details to ensure the anonymity of its users. Monero maintains egalitarian mining, allowing anyone to participate. As tempting as it may seem, some go a step further and use the infrastructure of...
Statement from Mend on the U.S. Supreme Court Decision
In light of the Supreme Court decision in Dobbs versus Jackson Women’s Healthcare, which nullified the federal right to an abortion, we remain committed to protecting the rights of our employees. The health and well-being of our Mend team members are paramount to all that we do, and we do not take this news lightly. ...
Pride 2022: Supporting LGBTQ+ in Tech
In honor of Pride Month, two of our amazing employees share LGBTQ+ perspectives.
Six Steps to Achieve Zero Trust in Application Security
Discover the six steps to achieve zero trust in your application security and ensure that you can secure your application development quickly, early, and easily.
Single Author Uploaded 168 Packages to npm as Part of a Massive Dependency Confusion Attack
Mend Supply Chain Defender reported and blocked a massive dependency confusion attack involving a single author uploading 168 packages to npm.
3 Critical Best Practices of Software Supply Chain Security:
Understand how software supply chains work in large enterprises, discover the most important elements of software supply chain management, and how Mend can address them.
3 New GitHub Features to Reinforce Your Code, Repo, and Dependency Security
Discover three great new GitHub features to strengthen your security and learn why dependency security is vital to safeguarding your code and data.
A Weaponized npm Package ‘@core-pas/cyb-core’ Proclaimed Pentesting Related
On June 6th, 2022, the Mend research team detected and flagged a malicious dependency confusion attack in npm exfiltrating Windows SAM and SYSTEM files.
RSA 2022–What a Week!
After two years of virtual events, the Mend team was beyond excited to gather in San Francisco’s Moscone Center and connect with the tech community face to face. This year’s theme was ‘transformation,’ which couldn’t be more appropriate for us as we unveiled our new company name and integrated application security platform with automated remediation...
Cloud Security Architecture: A Practical Guide
Learn about the importance of a cloud security architecture, the main risks you should consider when building it, and key principles to guide your work.
Introducing Mend Supply Chain Defender Integration with JFrog Artifactory
Mend announces integration of Supply Chain Defender (formerly Diffend) with JFrog Artifactory Plug-In.
The Era of Automated SAST has Begun
Introducing the Mend Application Security Platform, which offers automated remediation for both open source and custom code.
Mend Epitomizes RSA 2022 Theme, “Transform”
Learn how Mend is bringing RSA 2022’s “transform” theme to life with its own transformation, what that means for customers, and what we’re anticipating from the conference.
From WhiteSource to Mend—A Rebrand Journey
When it comes to rebranding, it’s not about the destination, it’s about the journey How important is a company name, really? Turns out that it is pretty important, especially if the name you currently have does not represent what the company has become, or where it is going. Our name is what defines the vision,...
WhiteSource is Now Mend: You Code, We Cure
Volunteer delegation and charitable donations made to assist and aid those fleeing the crisis in the Ukraine
Vulnerability Remediation: A Practical Guide
Understand the difference between vulnerability remediation and mitigation. Discover tools and an organizational process that can help you remediate vulnerabilities.