Read about application security, DevSecOps, open source license compliance and audit
Daniel Elkabes, Mend’s vulnerability research team leader, sets out what he considers to be the four critical areas every cybersecurity leader should be investing in now to help set their team up for success.
In an interview with Michael Vizard from the Techstrong Group, Jeff Martin VP product for Mend, outlines his view on why security must now be an integral part of shipping software, how far security automation can currently go, and the importance of making security a vital part of developers’ education.
“The latest Gartner report recommends that security and risk management leaders adopt a composable view of application security. They should focus on orchestrating multiple application security innovations to serve as a coherent defense, rather than relying on a set of stand-alone products.” Download this report from Gartner to learn: The different application security tools that...
Automating AppSec could prove tremendously helpful, but many security teams are slow to trust automated tools. These three questions can help cybersecurity professionals embrace automation without increasing risk.
Rami Sass, CEO of Mend, sets out his vision in Forbes, on what enterprises should do to safeguard themselves against cybercriminals and cyberattacks.
Mend marks Women’s Equality Day by describing how the company meets the challenge of equality with its “Ready to Grow” program, and the success it has achieved so far in promoting equality in leadership and opportunities for women and others
By comparing current malicious package trends with malware’s evolution over the past 20 years, we can predict a likely future direction for malicious packages.
Discover how Mend has accelerated and automated the production of SBOMs with an API
The Mend research team analyzes a malicious package in which the harmful code is not only in a JSON file, but is also fully encrypted.
Discover how attackers can leverage example apps/reproduction scripts to attack OSS maintainers, why this is such a serious threat, and how to stop them
Discover why npm is susceptible to RCE, why it’s such a serious threat, the characteristics of RCE in npm, what should be done to stop it, and how Mend Supply Chain Defender achieves this.
Learn to differentiate between myths and facts in application testing with SAST security tools. Know how to adopt a successful SAST strategy.
Join our webinar to discover how you can use just one interface to find and fix open source and proprietary code security issues, and how to reduce the time it takes to fix issues, so no time is wasted researching.
Understand cloud native applications, the technology behind them, and their and security - why it’s important and how it relates to safeguarding cloud native applications
Application security teams face myriad challenges in 2022. Applications are once again the number one way in for malicious actors, and software supply chain vulnerabilities continue to climb. To move forward effectively, security professionals need to find a way to move beyond a tactical and reactive mindset to rebuild an application security that integrates tightly...
Monero (XMR) is an open-source, privacy-oriented cryptocurrency that was launched in 2014. It uses a public distributed ledger containing technology that obscures transaction details to ensure the anonymity of its users. Monero maintains egalitarian mining, allowing anyone to participate. As tempting as it may seem, some go a step further and use the infrastructure of...
In light of the Supreme Court decision in Dobbs versus Jackson Women’s Healthcare, which nullified the federal right to an abortion, we remain committed to protecting the rights of our employees. The health and well-being of our Mend team members are paramount to all that we do, and we do not take this news lightly. ...
In honor of Pride Month, two of our amazing employees share LGBTQ+ perspectives.
Discover the six steps to achieve zero trust in your application security and ensure that you can secure your application development quickly, early, and easily.
Mend Supply Chain Defender reported and blocked a massive dependency confusion attack involving a single author uploading 168 packages to npm.
Understand how software supply chains work in large enterprises, discover the most important elements of software supply chain management, and how Mend can address them.
Discover three great new GitHub features to strengthen your security and learn why dependency security is vital to safeguarding your code and data.
On June 6th, 2022, the Mend research team detected and flagged a malicious dependency confusion attack in npm exfiltrating Windows SAM and SYSTEM files.
After two years of virtual events, the Mend team was beyond excited to gather in San Francisco’s Moscone Center and connect with the tech community face to face. This year’s theme was ‘transformation,’ which couldn’t be more appropriate for us as we unveiled our new company name and integrated application security platform with automated remediation...
Learn about the importance of a cloud security architecture, the main risks you should consider when building it, and key principles to guide your work.
Mend announces integration of Supply Chain Defender (formerly Diffend) with JFrog Artifactory Plug-In.
Introducing the Mend Application Security Platform, which offers automated remediation for both open source and custom code.
Learn how Mend is bringing RSA 2022’s “transform” theme to life with its own transformation, what that means for customers, and what we’re anticipating from the conference.
When it comes to rebranding, it’s not about the destination, it’s about the journey How important is a company name, really? Turns out that it is pretty important, especially if the name you currently have does not represent what the company has become, or where it is going. Our name is what defines the vision,...
Volunteer delegation and charitable donations made to assist and aid those fleeing the crisis in the Ukraine
Understand the difference between vulnerability remediation and mitigation. Discover tools and an organizational process that can help you remediate vulnerabilities.
WhiteSource security analyzed the possible impact of a newly discovered RubyGems vulnerability that uses cache poisoning to implement an unauthorized takeover of new gem versions.
Mend security team blocked a malicious npm package that uses a novel approach to disguise and execution.
Using data from Diffend, the Mend research team conducted an impact analysis of a recent critical CVE disclosed for RubyGems.
Learn about the NIST C-SCRM program, its approach to supply chain security, and 4 critical best practices NIST recommends to secure your digital supply chains.
In today’s digital world, open-source software is vital to modern application development. And as we know, what’s important to the business world is important to threat actors. But how can companies successfully combat the rising tide of vulnerabilities? Join experts from WhiteSource and Microsoft as they discuss the value of blending proactive practices to code...