Read about application security, DevSecOps, license compliance, and software supply chain security.
In an interview with Michael Vizard from the Techstrong Group, Jeff Martin VP product for Mend, outlines his view on why security must now be an integral part of shipping software, how far security automation can currently go, and the importance of making security a vital part of developers’ education.
Automating AppSec could prove tremendously helpful, but many security teams are slow to trust automated tools. These three questions can help cybersecurity professionals embrace automation without increasing risk.
Rami Sass, CEO of Mend, sets out his vision in Forbes, on what enterprises should do to safeguard themselves against cybercriminals and cyberattacks.
By comparing current malicious package trends with malware’s evolution over the past 20 years, we can predict a likely future direction for malicious packages.
Discover how Mend has accelerated and automated the production of SBOMs with an API
The Mend research team analyzes a malicious package in which the harmful code is not only in a JSON file, but is also fully encrypted.
Discover how attackers can leverage example apps/reproduction scripts to attack OSS maintainers, why this is such a serious threat, and how to stop them
Discover why npm is susceptible to RCE, why it’s such a serious threat, the characteristics of RCE in npm, what should be done to stop it, and how Mend Supply Chain Defender achieves this.
Learn to differentiate between myths and facts in application testing with SAST security tools. Know how to adopt a successful SAST strategy.
Discover how you can use just one interface to find and fix open source and proprietary code security issues, and how to reduce the time it takes to fix issues, so no time is wasted researching.
Understand cloud native applications, the technology behind them, and their and security - why it’s important and how it relates to safeguarding cloud native applications
Discover the six steps to achieve zero trust in your application security and ensure that you can secure your application development quickly, early, and easily.
Mend Supply Chain Defender reported and blocked a massive dependency confusion attack involving a single author uploading 168 packages to npm.
Discover three great new GitHub features to strengthen your security and learn why dependency security is vital to safeguarding your code and data.
Learn about the importance of a cloud security architecture, the main risks you should consider when building it, and key principles to guide your work.
Introducing the Mend Application Security Platform, which offers automated remediation for both open source and custom code.
Learn how Mend is bringing RSA 2022’s “transform” theme to life with its own transformation, what that means for customers, and what we’re anticipating from the conference.
When it comes to rebranding, it’s not about the destination, it’s about the journey How important is a company name, really? Turns out that it is pretty important, especially if the name you currently have does not represent what the company has become, or where it is going. Our name is what defines the vision,...
Volunteer delegation and charitable donations made to assist and aid those fleeing the crisis in the Ukraine
Understand the difference between vulnerability remediation and mitigation. Discover tools and an organizational process that can help you remediate vulnerabilities.
Mend security analyzed the possible impact of a newly discovered RubyGems vulnerability that uses cache poisoning to implement an unauthorized takeover of new gem versions.
Mend security team blocked a malicious npm package that uses a novel approach to disguise and execution.
Learn about the NIST C-SCRM program, its approach to supply chain security, and 4 critical best practices NIST recommends to secure your digital supply chains.
In today’s digital world, open-source software is vital to modern application development. And as we know, what’s important to the business world is important to threat actors. But how can companies successfully combat the rising tide of vulnerabilities? Join experts from WhiteSource and Microsoft as they discuss the value of blending proactive practices to code...
On April 28 and April 30, respectively, Supply Chain Defender identified, blocked, and reported two packages we deemed were malicious versions of original Amazon Web Services (AWS) packages. Mend security experts have reached out to contacts at Amazon to notify them of our findings. This discovery may point to a new takeover method that targets...
Learn how vulnerability assessment tools work, key features and capabilities, and discover five great tools that can help you scan and remediate vulnerabilities.
Daniel Elkabes, lead security researcher at Mend sat down with CyberNews to discuss security best practices for addressing threats.
Mend security has uncovered malicious packages using hex encoding and delayed execution
Risks from application vulnerabilities have multiplied as more applications get developed. To address this issue, Static Application Security Testing (SAST) identifies security vulnerabilities in the custom code written by application developers. Simultaneously, Software Composition Analysis (SCA) safeguards the open-source components that comprise between 60% and 80% of the codebase in modern applications. Join Susan St.Clair,...
Learn 3 best practices for effective remediation of the Spring4Shell zero-day vulnerability.
From the factory floor to online shopping, the benefits of automation are clear: larger quantities of products and services can be produced much faster. But automation can also be used for malicious purposes, as illustrated by the ongoing software supply chain attack targeting the NPM package repository. By automating the process of creating and publishing...
CVE-2022-22965, a zero-day RCE vulnerability known as Spring4Shell, has been found in the popular Spring framework for Java apps.
Learn how to set a benchmark of false positives with SAST tools. Know how to measure the success of SAST tools. Understand how Mend SAST Helps.
Discover the top Static Application Security Testing (SAST) solutions, their key features, and what makes a great SAST tool.
How prepared was your firm to handle the Log4j vulnerability that was announced in December 2021? The best firms were prepared and loaded for bear, and they completely mitigated and remediated their risk within hours of the announcement. What can you learn from their approach and how can you prepare for the next inevitable widespread...
Learn the effects of SAST false positives. Know their common causes. Understand how to address them without sacrificing software quality and security.