Software Supply Chain Security: The Basics and Four Critical Best Practices
Learn about supply chain security, supply chain attacks, and how to protect your organization against this severe threat.
Choose Your Type
Choose Your Topic
Our Latest Blog Posts
Threat Actor Deploys Malicious Packages Using Hex Encoding and Delayed Execution
Mend security has uncovered malicious packages using hex encoding and delayed execution
Mend Support for Ukrainian War Refugees
Volunteer delegation and charitable donations made to assist and aid those fleeing the crisis in the Ukraine
Get the Response to Spring4Shell Right: Best Practices for Immediate Remediation
Learn 3 best practices for effective remediation of the Spring4Shell zero-day vulnerability.
Automated Software Supply Chain Attacks: Should You be Worried?
From the factory floor to online shopping, the benefits of automation are clear: Larger quantities of products and services can be produced much faster. But automation can also be used for malicious purposes, as illustrated by the ongoing software supply chain attack targeting the NPM package repository. By automating the process of creating and publishing...
Spring4Shell Zero-Day Vulnerability: Information and Remediation for CVE-2022-22965
CVE-2022-22965, a zero-day RCE vulnerability known as Spring4Shell, has been found in the popular Spring framework for Java apps.
How To Set A Benchmark Of False Positives With SAST Tools
Learn how to set a benchmark of false positives with SAST tools. Know how to measure the success of SAST tools. Understand how Mend SAST Helps.
Best SAST Tools: Top 7 Solutions Compared
Discover the top Static Application Security Testing (SAST) solutions, their key features, and what makes a great SAST tool.
How To Address SAST False Positives In Application Security Testing
Learn the effects of SAST false positives. Know their common causes. Understand how to address them without sacrificing software quality and security.
Best Practices For Managing Ruby Supply Chain Security Risks
Understand the types of Ruby supply chain attacks. Learn the best practices for preventing supply chain security risks in your Ruby projects.
A Guide To Implementing Software Supply Chain Risk Management
Learn how to implement a software supply chain risk management strategy in your enterprise. Discover risk management best practices, benefits, and more.
SAST vs. SCA: 7 Key Differences
Both SAST and SCA tools address software vulnerabilities, while SCA covers open source code and SAST covers proprietary. Here are 7 main differences between these two.