Welcome to Mend Blog

Read about application security, DevSecOps, open source license compliance and audit

Choose Your Type

Choose Your Topic

Our Latest Blog Posts

Empowering Women for Leadership at Mend

Mend marks Women’s Equality Day by describing how the company meets the challenge of equality with its “Ready to Grow” program, and the success it has achieved so far in promoting equality in leadership and opportunities for women and others

Attacker Floods npm With Crypto-Mining Packages that Mine Monero When Installed with Default Configuration

Monero (XMR) is an open-source, privacy-oriented cryptocurrency that was launched in 2014. It uses a public distributed ledger containing technology that obscures transaction details to ensure the anonymity of its users. Monero maintains egalitarian mining, allowing anyone to participate. As tempting as it may seem, some go a step further and use the infrastructure of...

Statement from Mend on the U.S. Supreme Court Decision

In light of the Supreme Court decision in Dobbs versus Jackson Women’s Healthcare, which nullified the federal right to an abortion, we remain committed to protecting the rights of our employees. The health and well-being of our Mend team members are paramount to all that we do, and we do not take this news lightly. ...

RSA 2022–What a Week! 

After two years of virtual events, the Mend team was beyond excited to gather in San Francisco’s Moscone Center and connect with the tech community face to face. This year’s theme was ‘transformation,’ which couldn’t be more appropriate for us as we unveiled our new company name and integrated application security platform with automated remediation...

The Era of Automated SAST has Begun

Introducing the Mend Application Security Platform, which offers automated remediation for both open source and custom code.

AWS Targeted by a Package Backfill Attack

On April 28 and April 30, respectively, Mend Diffend identified, blocked, and reported two packages we deemed were malicious versions of original Amazon Web Services (AWS) packages. Whitesource security experts have reached out to contacts at Amazon to notify them of our findings.  This discovery may point to a new takeover method that targets packages...