The CISO’s Guide to Application Security Innovation
Discover how you can build an effective modern application security program by increasing awareness and understanding in your organization.
Choose Your Type
Choose Your Topic
Our Latest Content
Open Source License Management Tools: Features and Best Practices
Discover the essential features and best practices you should have in your license management tool.
Building a Modern AppSec Strategy: How to Secure Applications
Discover what you can do to protect your AppSec with a modern application security strategy.
Docker Container Security: Challenges and Best Practices
Docker is a complicated beast, and there is no simple trick you can use to maintain Docker container security. We offer a set of best practices that should help you.
Open Source License Management Tools: Challenges, Opportunities, and What to Look Out For
What should you look for in a modern open source license management tool, why and how to do so, the challenges and the future of open source license management.
FINOS: The 2022 State of Open Source in Financial Services
This report identifies the extent to which the financial services industry is active in open source, creating a baseline of understanding of governance, leadership, consumption, contribution, culture, and overall open source aspiration. Further, the report highlights the obstacles and challenges to improving industry-wide collaboration and concludes with a set of actionable insights for improving the...
The CISO’s Guide to AppSec Innovation
Threat actors operate by an ironclad rule: If it’s important to businesses, it’s important to them. And they certainly understand the crucial business role of applications. Applications are now the number one attack vector, while software supply chain attacks increased 650 percent in a year. Clearly, if you don’t already have a modern application security...
Guide to Open Source Software Security
This white paper from Mend, the market leader in SCA, explains how to build an open source security program that gives you confidence that everything is visible, policies are being followed, and your developers are actually using the security tools provided for them. Learn how to build your open source security program today – download...
More Security, Less Tool Switching: Mend SCA for Bitbucket Cloud
Your Bitbucket Cloud repos are key to building best-in-breed applications and a great place to shift left for better open source security. With other software composition analysis (SCA) tools, keeping your repos safe can be a cumbersome process requiring frequent tool-switching. Now, you can integrate world-class open source security that automates remediation and reduces mean...
Software and AppSec Challenges and Opportunities in Banking and Fintech — Part Three
The final part of a series of three blogs on software and application security in banking and fintech.
Yandex Data Leak Triggers Malicious Package Publication
Learn about the risks posed by leaked code and malicious packages at Russian tech giant Yandex.
Application Security Requires Concerted, Continuous Efforts
Introducing an article in Forbes by Mend CEO Rami Sass, focusing on how application security requires ongoing awareness, effort and investment, buy-in from executive leadership, and the inculcation of a security-aware culture within every organization.
How to Manage Risk Effectively in Cloud-Native Environments
Discover why cloud-native environments are vulnerable, two of the main risks, and how to address them.
Building a Modern Application Security Strategy. Part One: Threats, Opportunities, and Challenges
Discover the threats, opportunities, and challenges of building a modern application security strategy.
Top Open Source Licenses Explained
Increase your knowledge of open source licenses by learning what the main types are, how they work, and how they differ.
Why do we need a new approach to SAST?
What’s the modern approach to SAST, why is it different, and how does it optimize your organization’s code, software, and application security?
Software and AppSec Challenges and Opportunities in Banking and Fintech — Part Two
Part two of three blogs in a series that focuses on the challenges, opportunities and solutions for software and application security in banking and fintech.
Mend Open Source Risk Report
Mend’s new Open Source Risk Report delves into the significant risk posed by the ongoing rise in open source vulnerabilities and software supply chain attacks.
Software and AppSec Challenges and Opportunities in Banking and Fintech — Part One
Experts from Mend, FINOS, the Linux Foundation and Morgan Stanley discuss the challenges and opportunities of software and application security in banking and fintech. Part one of three.
What Threatens Kubernetes Security and What Can You Do About It?
Kubernetes is widely used but comes with security risks. Discover what these risks are, how they can be exploited, how to define and implement security for Kubernetes configurations, and how to protect Kubernetes applications.
Malicious Code Deletes Directories If You Do Not Have a License
Mend researchers identify a new type of malicious code that deletes directories.
Mend’s Trends for 2023
Several Mend experts offer insight into what they expect to see in 2023 – and some ideas on how to prepare.
Why Open Source License Management Matters
Open source license management has become so important that governments are seeking to mandate it.
How to Make a Case for Buying SCA
Learn how to build a compelling case for buying a software composition analysis (SCA) tool in your organization.
Why an SBOM is Vital to Application Security and Compliance
Attacks targeting the software supply chain are on the rise. Learn why an SBOM is vital to Application Security and Compliance.
Application Security — The Complete Guide
All about application security - why is the application layer the weakest link, and how to get application security right.
No Festive Break for Security as Attackers Target Almost 300 NPM Packages
Our team detected an attack on npm packages that utilized typosquatting to compromise nearly 300 NPM packages.
Everything You Need to Know About Application Security Best Practices
Discover the top ten application security best practices to safeguard your applications and minimize the impact of vulnerabilities.
What Are The Key Considerations for Vulnerability Prioritization?
While detecting vulnerabilities is important, you also need to know the ones that pose the highest risk to your business. Learn why prioritizing vulnerabilities is vital to effective application security, the key considerations when prioritizing, and what an effective prioritization process looks like.
How to Maximize the Value from Your SAST Tool
How can you get the most value from your SAST tool, and what should it include to maximize the value you derive from it?
How to Prepare for the Next Zero-Day Attack
Discover what steps you can take to safeguard your code base, your software, and your applications from zero-day attacks.
Introducing the Mend Open Source Risk Report
Mend’s new Open Source Risk Report delves into the significant risk posed by the ongoing rise in open source vulnerabilities and software supply chain attacks.
The Risks and Benefits of Updating Dependencies
Updating software dependencies is vital to software and application security, but there are challenges. Learn the risks associated with updating dependencies, why they occur, and how you can address them.
Application Security Roundtable Discussion
Recent high-profile software supply chain breaches have sharpened the focus on application security. However, as cybersecurity professionals know all too well, concern doesn’t always equate to action. In theory, the rise of DevSecOps best practices that shift responsibility for application security further left should reduce, or outright eliminate, the vulnerabilities that now routinely make it...
AWS-Mend Fireside Chat: Building a Modern AppSec Program
The modern AppSec approach includes strategies and technologies that help teams prioritize. By giving them tools that efficiently identify security vulnerabilities that present the biggest risk, they can address them as quickly as possible. Learn how you can implement these strategies in a fireside chat with the experts from Amazon Web Services (AWS) and Mend....
The Need for Speed: Accelerated AppSec Scanning in Azure DevOps Repos
Until recently, application security testing was cumbersome and time-consuming. Now, enterprises using Azure DevOps Repos can add automated application security testing directly to the repo. This DevSecOps approach combines convenience for developers along with features that security professionals want such as centralized deployment, management and policy enforcement. If your organization uses Azure DevOps, attend this...