Best Practices for Dealing With Log4j
Mend Chief Scientist's top tips to thwart the risks from Log4j and reinforce your cybersecurity
Choose Your Type
Choose Your Topic
Our Latest Content
CVE-2021-44832: A New Medium Severity Vulnerability Was Found in Log4j
What you need to know about the Log4j vulnerability CVE-2021-44832, and how to remediate it.
Fixing the Log4j Vulnerability with Mend
Automated Log4j Remediation Rules Now Available for Mend Renovate and Remediate.
Log4Shell or LogThemAll: Log4Shell in Ruby Applications
The Log4Shell vulnerability can also impact ruby and other non-java applications. Here’s what you need to know.
How to Build a Threat Model for Kubernetes Systems
As Kubernetes adoption grows, its attack surface expands with it, allowing bad actors to find and exploit vulnerabilities in the cloud-native stack. In addition, the complexity of Kubernetes and the lack of proper security controls make the attacks targeting Kubernetes clusters and containers hosted in them a real risk for organizations. With the threat landscape...
Facing the Log4j Vulnerability Head On The Risk and the Fix
When the zero-day vulnerability in Log4j was reported, most organizations immediately sprung into action. But anyone who’s dealt with a vulnerability this critical and ubiquitous in an enterprise organization knows it’s not an easy task. Even with the right tools and policies, mitigating this type of threat is always a challenge. In this webinar, our...
Log4j Vulnerability CVE-2021-45105: What You Need to Know
What you need to know about Log4j Vulnerability CVE-2021-45105, and how to remediate it.
Log4j Vulnerability CVE-2021-45046 Now a Critical 9.0
What you need to know about Log4j Vulnerability CVE-2021-45046, and how to remediate it.
New Log4j Vulnerability CVE-2021-44228: Info and Remediation
How to remediate the newly published critical vulnerability in Apache’s widely popular Log4j Java library, CVE-2021-44228.
Best Practices for Developers: How to Easily Shift Left Security
When you ask developers their thoughts on security, they’ll likely tell you security is slowing them down and getting in the way of their ‘actual’ job. But it doesn’t have to be that way; with the right tools and processes in place, the friction between developers and security teams can be reduced, if not eliminated...
How to Make Your Vulnerability Management Metrics Count
Why vulnerability management metrics are important, and how to choose the right metrics to keep your organization’s applications and assets secure.
Vulnerability Management — What You Need To Know
Learn why vulnerability management is becoming increasingly important, discover the fundamentals and techniques behind the vulnerability management process.
Infrastructure as Code: Enabling DevOps Success
Learn more about what Infrastructure as code (IaC) is, its benefits, and best practices for how to use this technology securely.
Mend Research: Fixing Vulnerable npm Packages Quickly and Painlessly
In order to gain a better understanding of the process of open source vulnerability management, we decided to take a deep dive into npm — one of the most popular platforms in the open source dev community.
Hidden Risks of Using Open Source Software
With each passing year, open source software use increases. But this trend does not come without a price. Modern software’s heavy reliance on open source components created space for exploitation by malicious actors. New threats are challenging to detect and to protect against. This session should arm you with knowledge about the risks and practical...
Addressing Security Debt with a Developer First approach webinar
As organizations struggle to keep the application layer secure, more security tasks are added to developers’ already heavy workloads. The result: alert fatigue, friction between security and development teams and, ultimately, higher risk as security debt continues to grow. Clearly, requiring developers to become instant security experts is not a viable option. What are the...
Mend Research Report — Remediating Vulnerabilities in npm Packages
As AppSec practices continue to shift left into development, the task of ensuring that open source libraries are up-to-date and vulnerability-free falls on developers’ shoulders -- and it is quite a task. In order to gain a better understanding of the process of open source vulnerability management, our Knowledge Team analyzed vulnerable npm packages, checking the CVE publication date and comparing it to the release date of the vulnerabilities’ fix.
How Sweet It Is — Thinking About SBOMs In Relation to Chocolate
What are the ingredients that go into our software supply chain? Understanding why we need SBOMs.
The Benefits and Challenges of Reporting vs. Remediation with SBOMs
Learn about the benefits and challenges of reporting-centric SBOMs vs. remediation-centric SBOMs.
The Future of Vulnerability Management Programs
Keep your vulnerability management plan up-to-date. Address today’s threat landscape with advanced vulnerability detection, prioritization, and remediation.
What You Need to Know About Code Risk Management
Every piece of code, module, or package has an element of risk associated with it. Learn how to evaluate and treat that risk to reduce the likelihood of failure.
Popular JavaScript Library ua-parser-js Compromised via Account Takeover
A popular npm package with more than 7 million weekly downloads was compromised, bringing supply chain security into the headlines once again.
Mend Cure: Automated Remediation for Developers
How Mend Cure’s automated remediation technology helps developers get ahead of security issues without slowing down development.
Using Zero Trust to Mitigate Supply Chain Risks
Learn how Zero Trust model can boost your software supply chain security.
The 2021 OWASP Top 10
We break down the basics of what you need to know about the OWASP Top 10 Vulnerabilities List 2021 & how to use it the right way to support your dev team.
Open Source Risk Management in the Financial Sector
The financial sector has embraced open source, now they need to manage and secure it using a Software Composition Analysis solution.
Securing Your Package Manager’s Lockfiles
learn how your package managers’ lockfiles risk your supply chain security, and how to mitigate the risks.
The Forrester Wave™ Software Composition Analysis, Q3 2021: Key Takeaways
The Forrester Wave on Software Composition Analysis helps identify which vendor offers the best solution to protecting your open source.
The Forrester Wave: Software Composition Analysis, 2021 – WhiteSource Is a Leader
What’s in the report? Find out how the top 10 SCA vendors rank and why Forrester named WhiteSource a leader in their Software Composition Analysis Wave™ Report, Q3 2021. Why should Software Composition Analysis matter to you? Forrester reports that open source components made up 75% of all code bases in 2020, up from 36%...
Industry Experts Weigh In: Addressing Digital Native Security Challenges
Mend hosted industry experts at a roundtable to provide their insights and tips on the challenges of digital native security.
DevOps vs. Agile: What Is the Difference?
Learn about the similarities and differences between Agile and DevOps software development methodologies.
How to Bridge the Cybersecurity Skills Gap
how your organization can help developer and security teams bridge the cybersecurity skills gap
The Complete Guide to Prototype Pollution Vulnerabilities
An in-depth look at Prototype Pollution vulnerabilities and how to mitigate them.
The Complete Guide to Open Source Security
The ins and outs of open source security in one comprehensive guide. A full rundown of all security measures.
How Packages’ External Resources Threaten Your Supply Chain
Learn how packages’ external resources threaten your supply chain, and how you can mitigate the risks.
Penetration Testing — A Detailed Guide
Understand what penetration testing is, why it’s important, its stages, approaches, and tools.