Read about application security, DevSecOps, license compliance, supply chain security, and malicious packages.
On the PeerSpot technology review site, reviews from Mend SCA users highlighted the three top priorities that SCA users generally want: ease of use, risk mitigation, and a strong feature set and integration capabilities.
What we know about the new OpenSSL critical security vulnerability.
The banking industry lives and dies by being fast, accurate, and completely dependable. It’s critical that you can detect, identify, and remediate software vulnerabilities as fast as possible, to reinforce application security most effectively. This is particularly vital with open source software that is increasingly prevalent in your sector, where its use continues to grow...
For Cybersecurity Awareness Month, we take a closer look at using automation to improve AppSec, as well as how to safeguard the devices you use at home.
To adopt the second principle of modern application security programs, IT teams must move beyond shift left to and learn how to shift smart.
Explaining the first principle of modern application security programs: meticulous prep and planning.
Mend Research uncovered an unusual attack in RubyGems that exploited a previously existing package with a significant number of downloads to launch a typosquatting attack.
In honor of Cybersecurity Awareness Month, Mend Research Team Lead Daniel Elkabes shares a snapshot of how the Mend research team approaches vulnerability research.
Discover what Evil-Colon attacks are, the kind of damage they can do, and what measures you can take to protect your code from them.
Learn why building a modern AppSec strategy that can support demanding development cycles while also ensuring application security is increasingly essential.
To mark Cybersecurity Awareness Month, this primer helps simplify the complex subject of application security
We’ve been watching the global transition to an app-driven world for some time now, as companies develop and deploy innovative software at warp speed. And we’ve also watched application security teams struggle to keep up. Many try to use yesterday’s tools for today’s AppSec reality, while others wrestle with immature application security programs. And that’s...
Another week, another supply chain incident. It’s been only nine days since the Mend research team detected the dYdX incident, and today we have detected another supply chain malicious campaign.
As a foundational element of the online world, applications are a top target for threat actors. However, traditional application security (AppSec) strategies often prove ineffective. To adapt and defend against our constantly evolving threat landscape, organizations need to build a modern AppSec strategy based on today’s digital world. Join Jeffrey Martin, VP of Outbound Product...
San Francisco-based dYdX, a widely used decentralized crypto exchange with roughly $1 billion in daily trades, has had its NPM account hacked in a software supply chain attack detected by Mend Supply Chain Defender
Software and application security and compliance can have an impact on traditional manufacturing businesses, especially those working at scale. Learn why, and how Mend has helped the manufacturer, Kärcher, meet these challenges.
Rami Sass, CEO of Mend, sets out his vision in Forbes, on what enterprises should do to safeguard themselves against cybercriminals and cyberattacks.
By comparing current malicious package trends with malware’s evolution over the past 20 years, we can predict a likely future direction for malicious packages.
Discover how Mend has accelerated and automated the production of SBOMs with an API
The Mend research team analyzes a malicious package in which the harmful code is not only in a JSON file, but is also fully encrypted.
Discover how attackers can leverage example apps/reproduction scripts to attack OSS maintainers, why this is such a serious threat, and how to stop them
Discover why npm is susceptible to RCE, why it’s such a serious threat, the characteristics of RCE in npm, what should be done to stop it, and how Mend Supply Chain Defender achieves this.
Understand cloud native applications, the technology behind them, and their and security - why it’s important and how it relates to safeguarding cloud native applications
Mend Supply Chain Defender reported and blocked a massive dependency confusion attack involving a single author uploading 168 packages to npm.
Discover three great new GitHub features to strengthen your security and learn why dependency security is vital to safeguarding your code and data.
When it comes to rebranding, it’s not about the destination, it’s about the journey How important is a company name, really? Turns out that it is pretty important, especially if the name you currently have does not represent what the company has become, or where it is going. Our name is what defines the vision,...
Volunteer delegation and charitable donations made to assist and aid those fleeing the crisis in the Ukraine
Understand the difference between vulnerability remediation and mitigation. Discover tools and an organizational process that can help you remediate vulnerabilities.
Mend security analyzed the possible impact of a newly discovered RubyGems vulnerability that uses cache poisoning to implement an unauthorized takeover of new gem versions.
Mend security team blocked a malicious npm package that uses a novel approach to disguise and execution.
Learn about the NIST C-SCRM program, its approach to supply chain security, and 4 critical best practices NIST recommends to secure your digital supply chains.
In today’s digital world, open-source software is vital to modern application development. And as we know, what’s important to the business world is important to threat actors. But how can companies successfully combat the rising tide of vulnerabilities? Join experts from WhiteSource and Microsoft as they discuss the value of blending proactive practices to code...
Discover why cybersecurity will be a hot topic at KubeCon 2022. Learn why standard vulnerability scoring is no longer sufficient, and find out why priority scoring is the future of vulnerability management.
On April 28 and April 30, respectively, Supply Chain Defender identified, blocked, and reported two packages we deemed were malicious versions of original Amazon Web Services (AWS) packages. Mend security experts have reached out to contacts at Amazon to notify them of our findings. This discovery may point to a new takeover method that targets...
Learn how vulnerability assessment tools work, key features and capabilities, and discover five great tools that can help you scan and remediate vulnerabilities.
Learn 3 best practices for effective remediation of the Spring4Shell zero-day vulnerability.