The Forrester Wave™ Software Composition Analysis, Q3 2021: Key Takeaways
The Forrester Wave on Software Composition Analysis helps identify which vendor offers the best solution for protecting your open source.
Read about application security, DevSecOps, license compliance, and software supply chain security.
Mend hosted industry experts at a roundtable to provide their insights and tips on the challenges of digital native security.
Learn about the similarities and differences between Agile and DevOps software development methodologies.
How your organization can help developer and security teams bridge the cybersecurity skills gap.
An in-depth look at Prototype Pollution vulnerabilities and how to mitigate them.
The ins and outs of open source security in one comprehensive guide. A full rundown of all security measures.
Learn how packages’ external resources threaten your supply chain, and how you can mitigate the risks.
Understand what penetration testing is, why it’s important, its stages, approaches, and tools.
In this webinar, SonarSource and WhiteSource share how empowering developers with the right tools positively impacts application security.
What is cloud native computing and what are the top concerns in cloud computing security?
These 8 patch management best practices will help you apply a patching process in order to fix security vulnerabilities.
To celebrate Pride month, Mend is highlighting a few of our favorite open source projects and programs that support LGBTQ+ communities.
With the growing adoption of SCA, a technology that provides both developer-focused tools and governance solutions, more companies place developers, IT, security, and legal on the same page. This is the case for global cloud communications provider Vonage, which needed an SCA solution that could integrate both open source security and license compliance checks automatically...
Mend in partnership with Jonathan Leitschuh found over 100,000 libraries affected by Maven vulnerability CVE-2021-26291.
Achieving Automated Open Source Security with DevSecOps
DevSecOps sets out to relieve the costly and stressful delays that can occur when security testing is performed late in the game, by setting up processes and tools for “shifting left” so security testing can happen early and often. As organizations continue to embrace this DevSecOps approach, testing...
Learn how developers can adopt easy practices to secure the open source supply chain without slowing down development.
The relationship between security and developers has traditionally been like two teams competing at a tug-o-war. On one end developers are pulling to produce functional products at breakneck...
Learn about the relationship between Docker and Kubernetes. Understand the similarities and differences between Docker Swarm vs. Kubernetes.
Should a modern security strategy be based on the assumptions that source code will never be leaked, or that “internal” networks will never be breached? Join AWS, HackerOne and WhiteSource’s upcoming virtual roundtable discussion, where our industry experts will discuss how the importance of security threats has changed as companies and products shift to a...
The days when financial institutions were hesitant to adopt open source software are over. Today, even the largest firms and banks in the financial sector have realized the massive benefits of using open source technology to build powerful, innovative applications at a reduced time-to-market. Join our live panel discussion led by industry leaders from Wells...
President Biden’s executive order places strict standards on software sold to the US government. Learn about the executive order and software supply chain attacks.
A few years ago, JavaScript developers worldwide saw their applications failing to build or compile. It was soon learned that the outages were due to a developer pulling his packages out of npm, a dependency manager for JavaScript. The unpublished packages included an 11-line left-pad function that was downloaded 2.5 million times in the month prior...
Many enterprises consider applications to be the highest security risk. This survey by Ponemon Institute looks at AppSec risks.
We analyzed published open source security vulnerabilities in Struts and Spring to learn more about the state of vulnerability management.
In this webinar, we will suggest a simple framework for the open source vulnerability management challenge and a few ways to secure your software supply chain and reduce potential risk.
Read the latest supply chain security news and updates to learn about new supply chain methods exploited in April.
Dynamic application security testing (DAST), or black-box testing, finds vulnerabilities by attacking an application from the outside while it is running.
SDLC security should be a top priority nowadays, as attacks are directed at the application layer more than ever before and the call for more secure apps for customers strengthens.
Learn what a developer security champion is and how it will help your developers shift security left.
Today we’re thrilled to announce that Diffend, an innovative software supply chain security service, is now part of Mend.
Web vulnerability scanners, a type of black-box testing, are the best way to protect your web application from malicious hackers. These are the top 11 tools.
Docker image security scanning is a core part of Docker security strategy. We explain how it works, why it's important and what its limitations are.
Learn about new trends in the evolving world of open source security, and what you can do to stay secure.
Forrester reports on the latest AppSec trends and recommends the AppSec strategies organizations should adopt to keep up with today’s threat landscape.
Is open source code more secure than proprietary code? This has been an ongoing question for years. We claim that open source is more secure than the average commercial closed source software.
It’s no secret that 2020 was a difficult year. The pandemic and, as a result, the lockdowns and quarantines sent tens of millions of global workers home, and the remote work caused a dramatic increase in the number of ransomware attacks, phishing attacks, and accidental breaches by employees working at home. Despite the increases in these...