Supply Chain Security Update: How Secure is Composer?
Learn what happened, the impact of the attack, how it was discovered, and what you can do to prevent it from affecting your apps
Read about application security, DevSecOps, license compliance, and software supply chain security.
The financial sector has embraced open source; now it needs to manage and secure it using a Software Composition Analysis solution.
Learn how your package managers’ lockfiles put your supply chain security at risk, and how to mitigate those risks.
Discover key takeaways from The Forrester Wave™ Software Composition Analysis, Q3 2021 report.
Learn about addressing digital native security challenges in cloud-native environments with Mend, HackerOne, AWS, and IGT.
Discover the differences between DevOps and Agile methodologies in software development. Learn how they can be combined.
Learn how to bridge the cybersecurity skills gap and protect your applications with innovative practices and tools.
An in-depth look at Prototype Pollution vulnerabilities and how to mitigate them.
Learn how external resources in packages can threaten your supply chain security, & discover ways to mitigate these risks to protect your org.
Let’s look at 5 organizations that teach programming to kids to nurture the next generation of software developers while also trying to close the gender and race gap in tech.
Understand what penetration testing is, why it’s important, its stages, approaches, and tools.
In this webinar, SonarSource and WhiteSource share how empowering developers with the right tools positively impacts application security.
Learn about cloud computing security, challenges, and best practices. Stay ahead of cybersecurity threats with expert advice from Mend.io.
Open source adoption is increasing rapidly within the financial services industry. Thanks to cutting-edge technologies, affordability, flexibility, and the power of the open source community, more and more financial institutions are encouraged to integrate open source components into their investment and data processing systems. Meanwhile, the industry’s growing list of compliance initiatives...
These 8 patch management best practices will help you apply a patching process in order to fix security vulnerabilities.
To celebrate Pride month, Mend is highlighting a few of our favorite open source projects and programs that support LGBTQ+ communities.
The volume of malicious attacks on systems continues to grow year after year, with an ever-increasing number of hackers taking advantage of the growing use of open source during software development to distribute malicious packages and exploit new or already known vulnerabilities. Sign up for this webinar, where we will discuss solutions to help with the challenge...
With the growing adoption of SCA, a technology that provides both developer-focused tools and governance solutions, more companies place developers, IT, security, and legal on the same page. This is the case for global cloud communications provider Vonage, which needed an SCA solution that could integrate both open source security and license compliance checks automatically...
Mend in partnership with Jonathan Leitschuh found over 100,000 libraries affected by Maven vulnerability CVE-2021-26291.
Achieving Automated Open Source Security with DevSecOps: DevSecOps sets out to relieve the costly and stressful delays that can occur when security testing is performed late in the game, by setting up processes and tools for “shifting left” so security testing can happen early and often. As organizations continue to embrace this DevSecOps approach, testing...
Learn how developers can adopt easy practices to secure the open source supply chain without slowing down development.
Learn how to bridge the gap between developers and security with these 5 steps. Make security a top priority.
Discover the 9 best DevSecOps tools to integrate into your DevOps pipeline. Learn how these tools can help you automate security, & more.
A detailed comparison of Docker vs. Kubernetes, explaining their differences and similarities. Learn how they complement each other.
Should a modern security strategy be based on the assumptions that source code will never be leaked, or that “internal” networks will never be breached? Join AWS, HackerOne and WhiteSource’s upcoming virtual roundtable discussion, where our industry experts will discuss how the importance of security threats has changed as companies and products shift to a...
What technical due diligence is, why it is important for M&As, and which items you need to cover in your technical due diligence checklist.
The days when financial institutions were hesitant to adopt open source software are over. Today, even the largest firms and banks in the financial sector have realized the massive benefits of using open source technology to build powerful, innovative applications at a reduced time-to-market. Join our live panel discussion led by industry leaders from Wells...
In the hopes of clearing up some of the confusion, we’ve mapped out some of the elements that can help us conduct an actionable open source license comparison.
President Biden’s executive order places strict standards on software sold to the US government. Learn about the executive order and software supply chain attacks.
A few years ago, JavaScript developers worldwide saw their applications failing to build or compile. It was soon learned that the outages were due to a developer pulling his packages out of npm, a dependency manager for JavaScript. The unpublished packages included an 11-line left-pad function that was downloaded 2.5 million times in the month prior...
Many enterprises consider applications to be the highest security risk. This survey by Ponemon Institute looks at AppSec risks.
Learn about the open source vulnerabilities in Apache Struts and Spring frameworks, their handling of security issues, and how to manage them.
In this webinar, we will suggest a simple framework for the open source vulnerability management challenge and a few ways to secure your software supply chain and reduce potential risk.
Read the latest supply chain security news and updates to learn about new supply chain methods exploited in April.
This article focuses on how to better manage the supplier dimension of the software supply chain while improving control and visibility.
Learn about dynamic application security testing (DAST). Understand how DAST works, its pros and cons, and its importance in AppSec.