How to Prepare for the Next Zero-Day Attack
Discover what steps you can take to safeguard your code base, your software, and your applications from zero-day attacks.
Choose Your Type
Choose Your Topic
Our Latest Content
Introducing the Mend Open Source Risk Report
Mend’s new Open Source Risk Report delves into the significant risk posed by the ongoing rise in open source vulnerabilities and software supply chain attacks.
The Risks and Benefits of Updating Dependencies
Updating software dependencies is vital to software and application security, but there are challenges. Learn the risks associated with updating dependencies, why they occur, and how you can address them.
Application Security Roundtable Discussion
Join Jeff Martin, VP of Product at Mend.io in this application security roundtable discussion.
AWS-Mend Fireside Chat: Building a Modern AppSec Program
Learn how you can implement modern AppSec strategies in a fireside chat with the experts from Amazon Web Services (AWS) and Mend.io.
The Need for Speed: Accelerated AppSec Scanning in Azure DevOps Repos
If your organization uses Azure DevOps, attend this webinar to learn how easy it is to add application security testing to your repo.
Renovate Reaches 10K!
The Renovate open source project for automating dependency update hit some big Github milestones, so we put together a little appreciation for our favorite dependency update bot.
A Busy Weekend for npm Attacks, Including ‘cors’ Typosquatting
Over the past three days, the Mend research team identified two separate attacks that published malicious packages to npm: reverse remote shell as part of typosquatting attack on the popular ‘cors’ package, and an ATO attack on the “Just Eat” organization.
Mend SCA Action within Amazon CodeCatalyst Brings Additional Application Security to Developers
Mend SCA available as an action within new DevOps service, Amazon CodeCatalyst
Shift-Left Testing and Its Benefits
Learn what shift left testing means, how it can save you time and costs, and why you need to shift left your open source components’ management.
Integrating Dependency Management Into Cloud Services: The Mend-AWS Partnership
Why is integrating dependency management into cloud services so important, how do you manage dependencies better, and what does Mend do with Amazon Web Services (AWS) to help you achieve this?
Modern Application Security Needs More Than Tech. Don’t Neglect Governance
Learn why teams that pay attention to governance by using a CSIRP are more successful at combating the continued growth of cyberattacks.
SAST – All About Static Application Security Testing
Learn all about SAST - what it is, how it works, its strengths and weaknesses, how it can be improved and what to look for in SAST tools.
Building a Modern AppSec Program: AWS-Mend Fireside Chat
Discover what a good AppSec program should look like and the best practices to implement it, according to Ori Bach, EVP of Product at Mend, and Harry Mower, Director, AWS CodeSuite.
Why Your DevOps Platform Needs a Security Partner to Safeguard Your Software
Discover why your DevOps platform should be complemented with a security solution, learn how to achieve this, and find out how Mend’s partnership with CloudBees delivers security that safeguards your code, software, and applications.
DevSecOps: A Comprehensive Guide to Securely Managing Your DevOps Workflow
Get to know all about DevSecOps and the main tools and practices that organizations should adopt in order to implement a DevSecOps pipeline.
Modern AppSec Programs Run on Automation
Learn why automation is a critical element of modern application security programs.
Top Three User Priorities for Software Composition Analysis
On the PeerSpot technology review site, reviews from Mend SCA users highlighted the three top priorities that SCA users generally want: ease of use, risk mitigation, and a strong feature set and integration capabilities.
Advisory: New OpenSSL Critical Security Vulnerability
What we know about the new OpenSSL critical security vulnerability.
Software Security Challenges & Opportunities in Banking
Learn about software security challenges & opportunities and how you can detect, identify, and remediate software vulnerabilities as fast as possible, to reinforce application security most effectively.
It’s Cybersecurity Awareness Month–So Let’s Talk Automation and Home Security
For Cybersecurity Awareness Month, we take a closer look at using automation to improve AppSec, as well as how to safeguard the devices you use at home.
Modern AppSec Moves Beyond Shift Left to Shift Smart
To adopt the second principle of modern application security programs, IT teams must move beyond shift left to and learn how to shift smart.
Meticulous Prep and Planning–A Linchpin of Modern AppSec Programs
Explaining the first principle of modern application security programs: meticulous prep and planning.
To use rest_client, or to use rest-client, that is the question
Mend Research uncovered an unusual attack in RubyGems that exploited a previously existing package with a significant number of downloads to launch a typosquatting attack.
Vulnerability Research: Here’s How it Works at Mend
In honor of Cybersecurity Awareness Month, Mend Research Team Lead Daniel Elkabes shares a snapshot of how the Mend research team approaches vulnerability research.
It‘s Cybersecurity Awareness Month-Let‘s Talk AppSec
For Cybersecurity Awareness Month, Mend’s Chris Lindsey offers advice on how to solve some vexing AppSec challenges.
Must-Know Facts About Evil-Colon Attacks
Discover what Evil-Colon attacks are, the kind of damage they can do, and what measures you can take to protect your code from them.
Why Building a Modern AppSec Program is Vital for Digital Business
Learn why building a modern AppSec strategy that can support demanding development cycles while also ensuring application security is increasingly essential.
Six Golden Rules for Software and Application Security
To mark Cybersecurity Awareness Month, this primer helps simplify the complex subject of application security
Are You CODEfident?
We’ve been watching the global transition to an app-driven world for some time now, as companies develop and deploy innovative software at warp speed. And we’ve also watched application security teams struggle to keep up. Many try to use yesterday’s tools for today’s AppSec reality, while others wrestle with immature application security programs. And that’s...
Cybercriminals targeted users of packages with a total of 1.5 billion weekly downloads on npm
Another week, another supply chain incident. It’s been only nine days since the Mend research team detected the dYdX incident, and today we have detected another supply chain malicious campaign.
Building a Modern Application Security Strategy for an App-Run World
Join Jeffrey Martin, VP of Outbound Product Management at Mend, and guest speaker Janet Worthington, Senior Analyst at Forrester as they discuss the state of application security today in a constantly changing environment.
Popular Cryptocurrency Exchange dYdX Has Had Its NPM Account Hacked
San Francisco-based dYdX, a widely used decentralized crypto exchange with roughly $1 billion in daily trades, has had its NPM account hacked in a software supply chain attack detected by Mend Supply Chain Defender
How Manufacturing Companies can Safeguard Software and Assure Robust Quality and Compliance
Software and application security and compliance can have an impact on traditional manufacturing businesses, especially those working at scale. Learn why, and how Mend has helped the manufacturer, Kärcher, meet these challenges.
Why Software Composition Analysis is “Transformational” Technology
Attend this webinar to learn more about how software composition analysis (SCA) works and how recent advances have made SCA easier than ever to use.
White House Issues New Guidelines on Software Supply Chain Security – What Are the Challenges and Possible Outcomes?
The White House and the Executive Office of the President of the U.S, issued a memorandum of guidelines to enhance the security of the software supply chain through secure software development practices. Discover what their key points are, why they've been introduced, and how they might shape the future of cybersecurity.