Securing Your Package Manager’s Lockfiles
Learn how your package managers’ lockfiles risk your supply chain security, and how to mitigate the risks.
Read about application security, DevSecOps, license compliance, supply chain security, and malicious packages.
The Forrester Wave on Software Composition Analysis helps identify which vendor offers the best solution for protecting your open source.
Mend hosted industry experts at a roundtable to provide their insights and tips on the challenges of digital native security.
An in-depth look at Prototype Pollution vulnerabilities and how to mitigate them.
Learn how packages’ external resources threaten your supply chain, and how you can mitigate the risks.
Understand what penetration testing is, why it’s important, its stages, approaches, and tools.
What is cloud native computing and what are the top concerns in cloud computing security?
Open source adoption is increasing rapidly within the financial services industry. Thanks to cutting edge technologies, affordability, flexibility, and the power of the open source community – more and more financial institutions are encouraged to integrate open source components into their investment and more data processing systems. Meanwhile, the industry’s growing list of compliance initiatives...
To celebrate Pride month, Mend is highlighting a few of our favorite open source projects and programs that support LGBTQ+ communities.
Mend in partnership with Jonathan Leitschuh found over 100,000 libraries affected by Maven vulnerability CVE-2021-26291.
Learn how developers can adopt easy practices to secure the open source supply chain without slowing down development.
The relationship between security and developers has traditionally been like two teams competing at a tug-o-war. On one end developers are pulling to produce functional products at breakneck...
In order to incorporate security into your DevOps cycle you need to know the most innovative automated DevSecOps tools around that will help you secure your application without slowing you down.
Learn about the relationship between Docker and Kubernetes. Understand the similarities and differences between Docker Swarm vs. Kubernetes.
What is technical due diligence, why it is important for M&As, and which items you need to cover in your technical due diligence checklist.
President Biden’s executive order places strict standards on software sold to the US government. Learn about the executive order and software supply chain attacks.
Many enterprises consider applications to be the highest security risk. This survey by Ponemon Institute looks at AppSec risks.
Read the latest supply chain security news and updates to learn about new supply chain methods exploited in April.
This article focuses on how to better manage the supplier dimension of the software supply chain while improving control and visibility.
Learn what a developer security champion is and how it will help your developers shift security left.
Today we’re thrilled to announce that Diffend, an innovative software supply chain security service, is now part of Mend.
A coding Easter egg is a secret message or feature hidden inside interactive code. In this article we'll be finding some of the stand-out tech Easter eggs.
Forrester reports on the latest AppSec trends and recommends the AppSec strategies organizations should adopt to keep up with today’s threat landscape.
What are the top challenges facing the financial industry today, and how can financial institutions address them?
We here at Mend often get asked if we use our own software when we’re developing our product. It’s a fair question. Like most of our customers, we write a lot of code. A lot of code. And we want it to be secure. Really secure. So it should come as no surprise that the answer to...
Medical devices, subway car doors, severe weather warnings, heavy machinery, car alarms, software security alerts. They all notify you to indicate that something is wrong so that you can take action to prevent harm. Hospital monitors can detect a wide range of issues, from an incorrect dose of medication to an irregular heartbeat and beyond....
Software development organizations are struggling under rising security debt. Learn what causes security debt, and how it can be managed and reduced.
What you need to know in order to set up an effective and comprehensive vulnerability management process in your organization.
Software supply chain attacks are increasing. Learn what a software supply chain attack is, and about the recent attacks.
Relational databases have been a staple of modern computing since their conception in 1970. Oracle, MySQL, SQL Server and SQLite are just a few of the examples of the kind of databases that have...
We break down the basics of serverless security in this guide, helping your team to make the next move in the evolution of cloud computing.
When you ask developers what they think of security, they will likely go into the situation without much enthusiasm as in their mind – security is slowing them down and holding them back from doing their “actual” job. But – it doesn’t necessarily have to be that way. The friction between developers and security teams...
As part of their journey to Digital Transformation, Oil & Gas enterprises are shifting their focus on becoming agile through DevOps in order to provide efficiency and productivity. Because there is no single standard DevOps methodology, many companies are finding it challenging to manage security requirements, which contributes to a slow start, slow delivery, and...
The software world is alive with talk of shifting left – but what does it really mean? Theoretically, it means shifting responsibility for security & compliance to developers. In practice, it largely means enriching CI/CD processes to detect problematic licenses & vulnerabilities before they reach the main branch or production. Shiri Arad Ivtsan, Director of Product Management at WhiteSource will discuss...
What do containers really do, and is adopting Docker the right move for your company? Read on to find out.