Read about application security, DevSecOps, open source license compliance and audit
In the third and final part of our blog series on software and application security challenges and opportunities in banking and fintech, we look at some more considerations that were discussed in our recent webinar, featuring Rhys Arkins, Mend’s VP of Product Management; James McLeod, Director of Community of the Fintech Open Source Foundation (FINOS);...
It would be big news, to say the least, if a large quantity of Google source code found its way into the public domain. Now imagine if the leak also included source code from Amazon and Uber. That’s the scale of the data leak that hit Russian tech giant Yandex. The risk here is that...
According to Forrester Research, applications are the top cause of external breaches because cybercriminals consider them to be one of the easiest entry points to attack organizations’ code bases. As supply chain attacks increase, it has become increasingly important for organizations to implement and maintain a continuous application security program and make it a priority. ...
We’ve all got our heads in the cloud, or if not yet, we’re well on our way there. In other words, the process of digital transformation is happening at such a pace that almost all organizations will soon be working in the cloud and using cloud-native technology. Analyst Gartner has predicted that by 2025, over...
First of a two-part series The online world is now packed with applications, so it’s unsurprising that they’re a top target for threat actors. However, traditional application security (AppSec) strategies often prove ineffective. To defend themselves against the rapidly evolving threat landscape, organizations need to build a modern AppSec strategy that addresses these fast-changing conditions....
Increase your knowledge of open source licenses by learning what the main types are, how they work, and how they differ.
What’s the modern approach to SAST, why is it different, and how does it optimize your organization’s code, software, and application security?
Part two of three blogs in a series that focuses on the challenges, opportunities and solutions for software and application security in banking and fintech.
Experts from Mend, FINOS, the Linux Foundation and Morgan Stanley discuss the challenges and opportunities of software and application security in banking and fintech. Part one of three.
Kubernetes is widely used but comes with security risks. Discover what these risks are, how they can be exploited, how to define and implement security for Kubernetes configurations, and how to protect Kubernetes applications.
Mend researchers identify a new type of malicious code that deletes directories.
Several Mend experts offer insight into what they expect to see in 2023 – and some ideas on how to prepare.
Open source license management has become so important that governments are seeking to mandate it.
Learn how to build a compelling case for buying a software composition analysis (SCA) tool in your organization.
Attacks targeting the software supply chain are on the rise. Learn why an SBOM is vital to Application Security and Compliance.
All about application security - why is the application layer the weakest link, and how to get application security right.
Our team detected an attack on npm packages that utilized typosquatting to compromise nearly 300 NPM packages.
Discover the top ten application security best practices to safeguard your applications and minimize the impact of vulnerabilities.
While detecting vulnerabilities is important, you also need to know the ones that pose the highest risk to your business. Learn why prioritizing vulnerabilities is vital to effective application security, the key considerations when prioritizing, and what an effective prioritization process looks like.
How can you get the most value from your SAST tool, and what should it include to maximize the value you derive from it?
Discover what steps you can take to safeguard your code base, your software, and your applications from zero-day attacks.
Mend’s new Open Source Risk Report delves into the significant risk posed by the ongoing rise in open source vulnerabilities and software supply chain attacks.
Updating software dependencies is vital to software and application security, but there are challenges. Learn the risks associated with updating dependencies, why they occur, and how you can address them.
Building a modern application security program requires a robust DevSecOps environment built on collaboration. For many companies, that means shifting away from IT silos towards a shared-responsibility mindset regarding security across the organization.
The Renovate open source project for automating dependency update hit some big Github milestones, so we put together a little appreciation for our favorite dependency update bot.
Cloud-native applications are at particular risk from vulnerabilities in their code. Discover why and how you should assess these risks in order to reinforce your security.
Over the past three days, the Mend research team identified two separate attacks that published malicious packages to npm: reverse remote shell as part of typosquatting attack on the popular ‘cors’ package, and an ATO attack on the “Just Eat” organization.
Mend SCA available as an action within new DevOps service, Amazon CodeCatalyst
Learn what shift left testing means, how it can save you time and costs, and why you need to shift left your open source components’ management.
Why is integrating dependency management into cloud services so important, how do you manage dependencies better, and what does Mend do with Amazon Web Services (AWS) to help you achieve this?
Mend’s new integration with Bitbucket Cloud brings smart, automated risk reduction to DevOps teams with ultra-fast rollouts and 100 percent adoption rates.
Learn why teams that pay attention to governance by using a CSIRP are more successful at combating the continued growth of cyberattacks.
Learn all about SAST - what it is, how it works, its strengths and weaknesses, how it can be improved and what to look for in SAST tools.
Discover what a good AppSec program should look like and the best practices to implement it, according to Ori Bach, EVP of Product at Mend, and Harry Mower, Director, AWS CodeSuite.
Discover why your DevOps platform should be complemented with a security solution, learn how to achieve this, and find out how Mend’s partnership with CloudBees delivers security that safeguards your code, software, and applications.
Get to know all about DevSecOps and the main tools and practices that organizations should adopt in order to implement a DevSecOps pipeline.