Welcome to Mend, Diffend!
Today we’re thrilled to announce that Diffend, an innovative software supply chain security service, is now part of Mend.
Read about application security, DevSecOps, license compliance, and software supply chain security.
Web vulnerability scanners, a type of black-box testing, are the best way to protect your web application from malicious hackers. These are the top 11 tools.
Docker image security scanning is a core part of Docker security strategy. We explain how it works, why it's important and what its limitations are.
Learn about new trends in the evolving world of open source security, and what you can do to stay secure.
A coding Easter egg is a secret message or feature hidden inside interactive code. In this article we'll be finding some of the stand-out tech Easter eggs.
Forrester reports on the latest AppSec trends and recommends the AppSec strategies organizations should adopt to keep up with today’s threat landscape.
Is open source code more secure than proprietary code? This has been an ongoing question for years. We claim that open source is more secure than the average commercial closed source software.
It’s no secret that 2020 was a difficult year. The pandemic, and the lockdowns and quarantines that followed, sent tens of millions of workers worldwide home, and remote work caused a dramatic increase in the number of ransomware attacks, phishing attacks, and accidental breaches by employees working at home. Despite the increases in these...
What are the top challenges facing the financial industry today, and how can financial institutions address them?
The Linux kernel is one of the most popular open source components used by developers, but it is also one of the most vulnerable. Here are the Top 10 Linux kernel vulnerabilities of the past decade.
We here at Mend often get asked if we use our own software when we’re developing our product. It’s a fair question. Like most of our customers, we write a lot of code. A lot of code. And we want it to be secure. Really secure. So it should come as no surprise that the answer to...
Learn about the Internet of things (IoT) and the role of open source and application security.
OpenChain ISO/IEC 5230 is the International Standard for open source license compliance. Its relevance to modern software development is growing and it allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program. The need to manage the software supply chain has never been more important given the ever-increasing dependence on third party...
The growing scale of Open Source adoption requires organizations to invest in implementing the right tool sets and processes to govern an increasingly complex Open Source licensing landscape, as well as minimize the potential legal risks. The application of these policies and processes can be collectively referred to as an Open Source Governance framework. Investing...
The differences between open source and proprietary code security and how to best secure each form of code. The tools and practices needed for open source and closed source security.
The goal of the PCI Software Security Framework is to provide developers of payment applications better security guidelines while providing the companies using payment applications with better tools to assess the security of the software they are using. In many ways, this framework is similar in intent to the Payment Application Data Security Standard (PCI...
Medical devices, subway car doors, severe weather warnings, heavy machinery, car alarms, software security alerts. They all notify you to indicate that something is wrong so that you can take action to prevent harm. Hospital monitors can detect a wide range of issues, from an incorrect dose of medication to an irregular heartbeat and beyond....
WhiteSource, in conjunction with Ponemon Institute, recently surveyed over 600 IT and IT security practitioners who are familiar with their organizations’ approach to securing applications – and here’s a spoiler: the highest level of security risk is considered by many organizations to be in the application layer. So what can Enterprise organizations do to reduce...
Software development organizations are struggling under rising security debt. Learn what causes security debt, and how it can be managed and reduced.
What you need to know in order to set up an effective and comprehensive vulnerability management process in your organization.
Renovate was originally created to scratch an internal itch, so we’ve been both enjoying its capabilities and testing them from day one. When people get started or get comfortable with using Renovate, it’s pretty understandable that they might look at the Renovate project itself as a reference user. We’ve put together this post to share how...
Software supply chain attacks are increasing. Learn what a software supply chain attack is, and about the recent attacks.
Relational databases have been a staple of modern computing since their conception in 1970. Oracle, MySQL, SQL Server and SQLite are just a few of the examples of the kind of databases that have...
Taking a look at RASP basics: What is RASP? Why do developers need it? Does it live up to the hype?
We break down the basics of serverless security in this guide, helping your team to make the next move in the evolution of cloud computing.
Myths persist about the usage of open source components. The following are the top 3 concerns associated with open source use.
When you ask developers what they think of security, they will likely go into the situation without much enthusiasm, since in their mind security is slowing them down and holding them back from doing their “actual” job. But it doesn’t necessarily have to be that way. The friction between developers and security teams...
As much as we love the benefits of using open source software components, they still come with risks. We're here to help you better understand these risks.
As part of their journey to Digital Transformation, Oil & Gas enterprises are shifting their focus to becoming agile through DevOps in order to provide efficiency and productivity. Because there is no single standard DevOps methodology, many companies are finding it challenging to manage security requirements, which contributes to a slow start, slow delivery, and...
The software world is alive with talk of shifting left – but what does it really mean? Theoretically, it means shifting responsibility for security & compliance to developers. In practice, it largely means enriching CI/CD processes to detect problematic licenses & vulnerabilities before they reach the main branch or production. Shiri Arad Ivtsan, Director of Product Management at WhiteSource will discuss...
Encompassing over two-thirds of the average commercial software, open source has become an essential part of modern software development. Undermanaging the consumption and redistribution of open source exposes the enterprise to extensive legal and security risks and is no longer a viable option. Having an effective Open Source compliance program is a key differentiator marking industry-leading...
Learn about gray box testing, how it’s done, its techniques and tools, its advantages and disadvantages, and more.
What do containers really do, and is adopting Docker the right move for your company? Read on to find out.
Why is microservices security important? Key principles and best practices to ensure your microservices architecture is secure.
The COVID-19 pandemic forced many organizations to shift to a remote workforce almost overnight, most of which were not prepared for the sudden change. In their efforts to ensure their employees could remain productive, a number of organizations relaxed their security policies and unwittingly exposed their networks to compromise. As the pandemic continues, security challenges...