A Guide To Implementing Software Supply Chain Risk Management
Learn how to implement a software supply chain risk management strategy in your enterprise. Discover risk management best practices, benefits, and more.
Choose Your Type
Choose Your Topic
Our Latest Content
SAST vs. SCA: 7 Key Differences
Both SAST and SCA tools address software vulnerabilities, while SCA covers open source code and SAST covers proprietary. Here are 7 main differences between these two.
Mend SAST: The Next Generation of Application Security
Mend Static Application Security Testing (SAST) technology is the first to automatically remediate security vulnerabilities as well as identify them. CEO Rami Sass explains why and how Mend launched this SAST solution, and the value it brings.
npm Threat Report
What’s in the report? Learn how the most popular JavaScript package manager – npm – is being used by malicious actors to launch attacks, run botnets, and steal credentials and crypto. Why should you care about malicious npm activity? JavaScript is the most commonly used programming language globally, and 68% of developers depend upon it...
A Malicious Package Found Stealing AWS AIM data on npm has Similarities To Capital One Hack
Mend Diffend detects the new release of a package called @maui-mf/app-auth that used a vector of attack similar to the server side request forgery (SSRF) attack against Capital One in 2019
How to Fix NPM Vulnerabilities Quickly and Painlessly
Join us to learn about typical time frames for NPM vulnerability detection and how to find the quickest and least painful path to remediation.
CVE-2021-4034: A Walkthrough of Pwnkit – the Latest Linux Privileges Escalation Vulnerability
What you should know about an improper implementation of the pkexec tool in polkit, an out-of-bounds memory access that can be leveraged by a local attacker to escalate their privileges to the system root. Discover how the exploit works and how Mend thwarts it.
DevSecOps in an Agile Environment
There is a misconception that DevSecOps slows things down and that Agile results in bad software. Here is how they can co-exist with one another.
Log4J: Tales from The Trenches: The State of Log4J Remediation
The announcement of Log4j vulnerability sent security and development teams into a tailspin — not once, but multiple times. Throughout it all, WhiteSource has been providing tools for discovery and automated remediation, and working closely with our customers. Join our experts to learn what has been going on, such as: What percentage of organizations were...
CISA Says: Generate and Audit a Software Bill of Materials (SBOM) to prepare for the next Log4j
Following the threats posed by the Log4j vulnerability, Learn how to follow CISA’s advice and produce and audit a software bill of materials (SBOM). Understand the benefits of SBOMs to the supply chain. Discover best practices for generating SBOMs.
Best Practices for Dealing With Log4j
Mend Chief Scientist's top tips to thwart the risks from Log4j and reinforce your cybersecurity
Gartner® Report – What to Do About Log4j?
Cybersecurity experts say that the Log4j vulnerability is perhaps the most severe flaw of its type in decades. If not addressed, it could detrimentally affect millions of pieces of software in some of the world’s largest organizations, and hundreds of millions of devices globally. What can security and application developers do to identify and mitigate...