2023 Gartner® Magic Quadrant™ for Application Security Testing
Mend.io has been recognized by Gartner as a Visionary. Mend.io has been recognized for its completeness of vision and ability to execute.
Learn more about application security, DevSecOps, license compliance, supply chain security, and malicious packages.
Malicious packages are a growing threat, and they may already have infiltrated your applications. Malicious package attacks spiked significantly from 2021 to 2022, further indication of their growing security risk to the open source ecosystem. Mend.io research observed a 315 percent spike in the publication of malicious packages to open source registries such as npm...
This report identifies the extent to which the financial services industry is active in open source, creating a baseline of understanding of governance, leadership, consumption, contribution, culture, and overall open source aspiration. Further, the report highlights the obstacles and challenges to improving industry-wide collaboration and concludes with a set of actionable insights for improving the...
Mend’s new Open Source Risk Report delves into the significant risk posed by the ongoing rise in open source vulnerabilities and software supply chain attacks.
What’s in the report? Learn how the most popular JavaScript package manager – npm – is being used by malicious actors to launch attacks, run botnets, and steal credentials and crypto. Why should you care about malicious npm activity? JavaScript is the most commonly used programming language globally, and 68% of developers depend upon it...
As AppSec practices continue to shift left into development, the task of ensuring that open source libraries are up-to-date and vulnerability-free falls on developers’ shoulders, and it is quite a task. To gain a better understanding of the open source vulnerability management process, our Knowledge Team analyzed vulnerable npm packages, checking each CVE’s publication date and comparing it to the release date of the fix for that vulnerability.
What’s in the report? Find out how the top 10 SCA vendors rank and why Forrester named WhiteSource a leader in their Software Composition Analysis Wave™ Report, Q3 2021. Why should Software Composition Analysis matter to you? Forrester reports that open source components made up 75% of all code bases in 2020, up from 36%...
Mend Annual Report Open Source Vulnerabilities 2021
WhiteSource Ponemon Research Report: "Reducing Enterprise Application Security Risks"
Mend Report - DevSecOps Insights 2020
Mend Report - Developers Are Taking Over AppSec