Welcome To Mend Webinars Center

Watch webinars about application security, DevSecOps, open source license compliance and audit

Choose Your Type

Choose Your Topic

Our Latest Webinars

DevSecOps Roundtable Discussion

Attacks on software supply chains have greatly accelerated the rate at which organizations are now embracing DevSecOps best practices to secure both legacy monolithic and emerging cloud-native applications. Adopting a DevSecOps approach can help maintain the speed of application development and deployment while ensuring the security and stability of applications. But the range of technologies...

Software Security Challenges & Opportunities in Banking

The banking industry lives and dies by being fast, accurate, and completely dependable. It’s critical that you can detect, identify, and remediate software vulnerabilities as fast as possible, to reinforce application security most effectively. This is particularly vital with open source software that is increasingly prevalent in your sector, where its use continues to grow...

Building a Modern Application Security Strategy for an App-Run World

As a foundational element of the online world, applications are a top target for threat actors. However, traditional application security (AppSec) strategies often prove ineffective. To adapt and defend against our constantly evolving threat landscape, organizations need to build a modern AppSec strategy based on today’s digital world. Join Jeffrey Martin, VP of Outbound Product...

Why Software Composition Analysis is “Transformational” Technology

While software composition analysis (SCA) has been around for years, today’s analysts are enhancing their recommendation for enterprise development teams to use the technology. One example: at the recent Gartner Security and Risk Management Summit, Gartner analyst Dale Gardner said: “Managing open-source software is the easiest and most impactful thing you can do to improve...

Plan and Protect: A Modern Plan for Open-Source Security

In today’s digital world, open-source software is vital to modern application development. And as we know, what’s important to the business world is important to threat actors. But how can companies successfully combat the rising tide of vulnerabilities? Join experts from WhiteSource and Microsoft as they discuss the value of blending proactive practices to code...

How SAST and SCA together make your security stronger?

Risks from application vulnerabilities have multiplied as more applications get developed. To address this issue, Static Application Security Testing (SAST) identifies security vulnerabilities in the custom code written by application developers. Simultaneously, Software Composition Analysis (SCA) safeguards the open-source components that comprise between 60% and 80% of the codebase in modern applications. Join Susan St.Clair,...

How to Build a Threat Model for Kubernetes Systems

As Kubernetes adoption grows, its attack surface expands with it, allowing bad actors to find and exploit vulnerabilities in the cloud-native stack. In addition, the complexity of Kubernetes and the lack of proper security controls make the attacks targeting Kubernetes clusters and containers hosted in them a real risk for organizations. With the threat landscape...

SCA Your First Step Toward Supply Chain Security

Research shows that open source supply chain attacks are now the #2 most common attack vector. The breach of SolarWinds showed just how devastating a software supply chain attack can be. Protecting the software supply chain is a complex challenge that includes code signing, identity and access management, policy and software composition analysis (SCA).

Hidden Risks of Using Open Source Software

With each passing year, open source software use increases. But this trend does not come without a price. Modern software’s heavy reliance on open source components created space for exploitation by malicious actors. New threats are challenging to detect and to protect against. This session should arm you with knowledge about the risks and practical...

Addressing Security Debt with a Developer First approach webinar

As organizations struggle to keep the application layer secure, more security tasks are added to developers’ already heavy workloads. The result: alert fatigue, friction between security and development teams and, ultimately, higher risk as security debt continues to grow. Clearly, requiring developers to become instant security experts is not a viable option. What are the...

Managing Supply Chain Security Risks in the Enterprise

The sharp increase in attacks on organizations’ software supply chains requires policy makers to address supply chain risks with a more structured approach. President Biden’s Cybersecurity Executive Order #14028 and NTIA’s Software Component Transparency initiative aim to strengthen supply chain security through advanced visibility over organizations’ software bill of materials (SBOM). It’s crucial to formulate...

Reducing Open Source Security Risks in Apps & IoT Devices

Over the past years, attacks on the application layer have become more and more common. Recent research reports on reducing enterprise AppSec risks have found that the highest level of security risk is considered by many to be in the application layer. Applications remain a top cause of external breaches, and the prevalence of open...

Removing Technical and Security Debt with Dev – First AppSec tooling

As organizations AppSec tools and practices shift left in the DevOps pipeline, development teams are required to assume responsibility for security tasks. While this is an important step toward achieving DevSecOps maturity, integrating application security testing tools risks burying developers under a seemingly never-ending list of security alerts. How can organizations make sure that development...

Accelerating Innovation With Open Source and Agile Compliance in the Financial Sector

Open source adoption is increasing rapidly within the financial services industry. Thanks to cutting edge technologies, affordability, flexibility, and the power of the open source community – more and more financial institutions are encouraged to integrate open source components into their investment and more data processing systems. Meanwhile, the industry’s growing list of compliance initiatives...

Ataques Cibernéticos – Uma Perspectiva Open Source (Portuguese)

O volume de ataques maliciosos a sistemas continua aumentando ano após ano, com um número cada vez maior de hackers aproveitando o uso crescente do código aberto durante o desenvolvimento de software para distribuir pacotes maliciosos e explorar vulnerabilidades novas ou já conhecidas. Inscreva-se neste webinário onde vamos tratar de soluções para ajudar no desafio...

How Vonage Uses SCA to Automate Open Source Security & Compliance

With the growing adoption of SCA, a technology that provides both developer-focused tools and governance solutions, more companies place developers, IT, security, and legal on the same page. This is the case of global cloud communications provider Vonage, which needed a SCA solution that could integrate both open source security and license compliance checks automatically...

Achieving Automated Open Source Security with DevSecOps

Achieving Automated Open Source Security with DevSecOps DevSecOps sets out to relieve the costly and stressful delays that can occur when security testing is performed late in the game, by setting up processes and tools for “shifting left” so security testing can happen early and often. As organizations continue to embrace this DevSecOps approach, testing...

Shifting Priorities of Digital Native Security

Should a modern security strategy be based on the assumptions that source code will never be leaked, or that “internal” networks will never be breached? Join AWS, HackerOne and WhiteSource’s upcoming virtual roundtable discussion where our industry experts will discuss how the importance of security threats have changed as companies and products shift to a...

Open Source Risk Management in the Financial Sector

The days when financial institutions were hesitant to adopt open source software are over. Today, even the largest firms and banks in the financial sector have realized the massive benefits of using open source technology to build powerful, innovative applications at a reduced time-to-market. Join our live panel discussion led by industry leaders from Wells...

The Main Appsec for 2021

It’s no secret that 2020 was a difficult year. The pandemic and as a result, the lockdowns and quarantines sent tens of millions of global workers home, and the remote work caused a dramatic increase in the number of ransomware, phishing attacks, and accidental breaches by employees working at home. Despite the increases in these...

Selecting Technology Solution To Comply With OpenChain ISO Standard

OpenChain ISO/IEC 5230 is the International Standard for open source license compliance. Its relevance to modern software development is growing and it allows companies of all sizes and in all sectors to adopt the key requirements of a quality open source compliance program. The need to manage the software supply chain has never been more important given the ever-increasing dependence on third party...

Tackling Open Source Governance in the Enterprise

The growing scale of Open Source adoption requires organizations to invest in implementing the right tool sets and processes to govern an increasingly complex Open Source licensing landscape, as well as minimize the potential legal risks. The application of these policies and processes can be collectively referred to as an Open Source Governance framework. Investing...

How to Reduce Enterprise Application Security Risk

WhiteSource, in conjunction with Ponemon Institute, recently surveyed over 600 IT and IT security practitioners who are familiar with their organizations’ approach to securing applications – and here’s a spoiler: the highest level of security risk is considered by many organizations to be in the application layer. So what can Enterprise organizations do to reduce...

AWS Oil and Gas Roundtable

As part of their journey to Digital Transformation, Oil & Gas enterprises are shifting their focus on becoming agile through DevOps in order to provide efficiency and productivity. Because there is no single standard DevOps methodology, many companies are finding it challenging to manage security requirements, which contributes to a slow start, slow delivery, and...

ISIT Shifting Compliance & Security Left – Into the Hands of The Developers

The software world is alive with talk of shifting left – but what does it really mean? Theoretically, it means shifting responsibility for security & compliance to developers. In practice, it largely means enriching CI/CD processes to detect problematic licenses & vulnerabilities before they reach the main branch or production.  Shiri Arad Ivtsan, Director of Product Management at WhiteSource will discuss...