Celebrating Pride: LGBTQ+ Open Source Projects and Programs We Love
To celebrate Pride month, Mend is highlighting a few of our favorite open source projects and programs that support LGBTQ+ communities.
Read about application security, DevSecOps, license compliance, supply chain security, and malicious packages.
With the growing adoption of SCA, a technology that provides both developer-focused tools and governance solutions, more companies are putting developers, IT, security, and legal on the same page. This is the case for global cloud communications provider Vonage, which needed an SCA solution that could integrate both open source security and license compliance checks automatically...
Mend in partnership with Jonathan Leitschuh found over 100,000 libraries affected by Maven vulnerability CVE-2021-26291.
Achieving Automated Open Source Security with DevSecOps
DevSecOps sets out to relieve the costly and stressful delays that can occur when security testing is performed late in the game, by setting up processes and tools for “shifting left” so security testing can happen early and often. As organizations continue to embrace this DevSecOps approach, testing...
Learn how developers can adopt easy practices to secure the open source supply chain without slowing down development.
The relationship between security and developers has traditionally been like two teams competing in a tug-of-war. On one end, developers are pulling to produce functional products at breakneck...
Learn about the relationship between Docker and Kubernetes. Understand the similarities and differences between Docker Swarm vs. Kubernetes.
Should a modern security strategy be based on the assumptions that source code will never be leaked, or that “internal” networks will never be breached? Join AWS, HackerOne and WhiteSource’s upcoming virtual roundtable discussion, where our industry experts will discuss how the importance of security threats has changed as companies and products shift to a...
The days when financial institutions were hesitant to adopt open source software are over. Today, even the largest firms and banks in the financial sector have realized the massive benefits of using open source technology to build powerful, innovative applications at a reduced time-to-market. Join our live panel discussion led by industry leaders from Wells...
President Biden’s executive order places strict standards on software sold to the US government. Learn about the executive order and software supply chain attacks.
A few years ago, JavaScript developers worldwide saw their applications failing to build or compile. It was soon learned that the outages were due to a developer pulling his packages out of npm, a dependency manager for JavaScript. The unpublished packages included an 11-line left-pad function that was downloaded 2.5 million times in the month prior...
Many enterprises consider applications to be the highest security risk. This survey by Ponemon Institute looks at AppSec risks.
We analyzed published open source security vulnerabilities in Struts and Spring to learn more about the state of vulnerability management.
In this webinar, we will suggest a simple framework for the open source vulnerability management challenge and a few ways to secure your software supply chain and reduce potential risk.
Read the latest supply chain security news and updates to learn about new supply chain methods exploited in April.
Dynamic application security testing (DAST), or black-box testing, finds vulnerabilities by attacking an application from the outside while it is running.
SDLC security should be a top priority nowadays, as attacks are directed at the application layer more than ever before and the call for more secure apps from customers is growing stronger.
Learn what a developer security champion is and how it will help your developers shift security left.
Today we’re thrilled to announce that Diffend, an innovative software supply chain security service, is now part of Mend.
Web vulnerability scanners, a type of black-box testing, are the best way to protect your web application from malicious hackers. These are the top 11 tools.
Docker image security scanning is a core part of Docker security strategy. We explain how it works, why it's important and what its limitations are.
Learn about new trends in the evolving world of open source security, and what you can do to stay secure.
Forrester reports on the latest AppSec trends and recommends the AppSec strategies organizations should adopt to keep up with today’s threat landscape.
Is open source code more secure than proprietary code? This has been an ongoing question for years. We claim that open source is more secure than the average commercial closed source software.
It’s no secret that 2020 was a difficult year. The pandemic and, as a result, the lockdowns and quarantines sent tens of millions of workers worldwide home, and the shift to remote work caused a dramatic increase in the number of ransomware and phishing attacks, as well as accidental breaches by employees working from home. Despite the increases in these...
Mend Annual Report Open Source Vulnerabilities 2021
What are the top challenges facing the financial industry today, and how can financial institutions address them?
The Linux kernel is one of the most popular open source components used by developers, but it is also one of the most vulnerable. Here are the Top 10 Linux kernel vulnerabilities of the past decade.
We here at Mend often get asked if we use our own software when we’re developing our product. It’s a fair question. Like most of our customers, we write a lot of code. A lot of code. And we want it to be secure. Really secure. So it should come as no surprise that the answer to...
Learn about the Internet of Things (IoT) and the role of open source and application security.
The growing scale of Open Source adoption requires organizations to invest in implementing the right tool sets and processes to govern an increasingly complex Open Source licensing landscape, as well as minimize the potential legal risks. The application of these policies and processes can be collectively referred to as an Open Source Governance framework. Investing...
The differences between open source and proprietary code security, and how best to secure each form of code: the tools and practices needed for open source and closed source security.
The goal of the PCI Software Security Framework is to provide developers of payment applications better security guidelines while providing the companies using payment applications with better tools to assess the security of the software they are using. In many ways, this framework is similar in intent to the Payment Application Data Security Standard (PCI...
Medical devices, subway car doors, severe weather warnings, heavy machinery, car alarms, software security alerts. They all notify you to indicate that something is wrong so that you can take action to prevent harm. Hospital monitors can detect a wide range of issues, from an incorrect dose of medication to an irregular heartbeat and beyond....
WhiteSource, in conjunction with Ponemon Institute, recently surveyed over 600 IT and IT security practitioners who are familiar with their organizations’ approach to securing applications – and here’s a spoiler: the highest level of security risk is considered by many organizations to be in the application layer. So what can enterprise organizations do to reduce...
Software development organizations are struggling under rising security debt. Learn what causes security debt, and how it can be managed and reduced.