Read about application security, DevSecOps, open source license compliance and audit
From the factory floor to online shopping, the benefits of automation are clear: Larger quantities of products and services can be produced much faster. But automation can also be used for malicious purposes, as illustrated by the ongoing software supply chain attack targeting the NPM package repository. By automating the process of creating and publishing...
CVE-2022-22965, a zero-day RCE vulnerability known as Spring4Shell, has been found in the popular Spring framework for Java apps.
Learn how to set a benchmark of false positives with SAST tools. Know how to measure the success of SAST tools. Understand how Mend SAST Helps.
Discover the top Static Application Security Testing (SAST) solutions, their key features, and what makes a great SAST tool.
Learn the effects of SAST false positives. Know their common causes. Understand how to address them without sacrificing software quality and security.
Understand the types of Ruby supply chain attacks. Learn the best practices for preventing supply chain security risks in your Ruby projects.
Learn how to implement a software supply chain risk management strategy in your enterprise. Discover risk management best practices, benefits, and more.
Both SAST and SCA tools address software vulnerabilities, while SCA covers open source code and SAST covers proprietary. Here are 7 main differences between these two.
Mend Static Application Security Testing (SAST) technology is the first to automatically remediate security vulnerabilities as well as identify them. CEO Rami Sass explains why and how Mend launched this SAST solution, and the value it brings.
Mend Diffend detected and reported more than 1,300 malicious npm packages in 2021, and its researchers have developed this list of facts that are vital to understanding npm package security
Mend Diffend detects the new release of a package called @maui-mf/app-auth that used a vector of attack similar to the server side request forgery (SSRF) attack against Capital One in 2019
Key information about a severe flaw (CVE-2021-44142) in the popular freeware, Samba, which enables remote attackers the ability to execute arbitrary code with the highest privileges on affected installations. Discover how it works and how Mend thwarts it.
What you should know about an improper implementation of the pkexec tool in polkit, an out-of-bounds memory access that can be leveraged by a local attacker to escalate their privileges to the system root. Discover how the exploit works and how Mend thwarts it.
An overview of open source licensing trends in 2021 and predictions for what we can expect in open source in 2022
There is a misconception that DevSecOps slows things down and that Agile results in bad software. Here is how they can co-exist with one another.
Following the threats posed by the Log4j vulnerability, Learn how to follow CISA’s advice and produce and audit a software bill of materials (SBOM). Understand the benefits of SBOMs to the supply chain. Discover best practices for generating SBOMs.
Mend Chief Scientist's top tips to thwart the risks from Log4j and reinforce your cybersecurity
What you need to know about the Log4j vulnerability CVE-2021-44832, and how to remediate it.
Automated Log4j Remediation Rules Now Available for Mend Renovate and Remediate.
The Log4Shell vulnerability can also impact ruby and other non-java applications. Here’s what you need to know.
What you need to know about Log4j Vulnerability CVE-2021-45105, and how to remediate it.
What you need to know about Log4j Vulnerability CVE-2021-45046, and how to remediate it.
How to remediate the newly published critical vulnerability in Apache’s widely popular Log4j Java library, CVE-2021-44228.
Why vulnerability management metrics are important, and how to choose the right metrics to keep your organization’s applications and assets secure.
Learn why vulnerability management is becoming increasingly important, discover the fundamentals and techniques behind the vulnerability management process.
Learn more about what Infrastructure as code (IaC) is, its benefits, and best practices for how to use this technology securely.
In order to gain a better understanding of the process of open source vulnerability management, we decided to take a deep dive into npm — one of the most popular platforms in the open source dev community.
What are the ingredients that go into our software supply chain? Understanding why we need SBOMs.
Learn about the benefits and challenges of reporting-centric SBOMs vs. remediation-centric SBOMs.
Keep your vulnerability management plan up-to-date. Address today’s threat landscape with advanced vulnerability detection, prioritization, and remediation.
Every piece of code, module, or package has an element of risk associated with it. Learn how to evaluate and treat that risk to reduce the likelihood of failure.
A popular npm package with more than 7 million weekly downloads was compromised, bringing supply chain security into the headlines once again.
The usual methods of securing your apps are no longer enough. Here is why you need to implement zero trust in DevSecOps
Learn how to transform your team from DevOps to DevSecOps smoothly and successfully. Understand the benefits of making the transition to DevSecOps.
How Mend Cure’s automated remediation technology helps developers get ahead of security issues without slowing down development.
Learn how Zero Trust model can boost your software supply chain security.