How Packages’ External Resources Threaten Your Supply Chain
Learn how packages’ external resources threaten your supply chain, and how you can mitigate the risks.
Let’s look at 5 organizations that teach programming to kids to nurture the next generation of software developers while also trying to close the gender and race gap in tech.
Understand what penetration testing is, why it’s important, its stages, approaches, and tools.
In this webinar, SonarSource and WhiteSource share how empowering developers with the right tools positively impacts application security.
What is cloud native computing and what are the top concerns in cloud computing security?
Open source adoption is increasing rapidly within the financial services industry. Thanks to cutting-edge technologies, affordability, flexibility, and the power of the open source community, more and more financial institutions are encouraged to integrate open source components into their investment and data processing systems. Meanwhile, the industry’s growing list of compliance initiatives...
These 8 patch management best practices will help you apply a patching process in order to fix security vulnerabilities.
To celebrate Pride month, Mend is highlighting a few of our favorite open source projects and programs that support LGBTQ+ communities.
The volume of malicious attacks on systems continues to increase year after year, with an ever-growing number of hackers taking advantage of the rising use of open source during software development to distribute malicious packages and exploit new or already known vulnerabilities. Sign up for this webinar, where we will discuss solutions to help with the challenge...
With the growing adoption of SCA, a technology that provides both developer-focused tools and governance solutions, more companies place developers, IT, security, and legal on the same page. This is the case of global cloud communications provider Vonage, which needed an SCA solution that could integrate both open source security and license compliance checks automatically...
Mend in partnership with Jonathan Leitschuh found over 100,000 libraries affected by Maven vulnerability CVE-2021-26291.
Achieving Automated Open Source Security with DevSecOps: DevSecOps sets out to relieve the costly and stressful delays that can occur when security testing is performed late in the game, by setting up processes and tools for “shifting left” so security testing can happen early and often. As organizations continue to embrace this DevSecOps approach, testing...
Learn how developers can adopt easy practices to secure the open source supply chain without slowing down development.
The relationship between security and developers has traditionally been like two teams competing in a tug-of-war. On one end, developers are pulling to produce functional products at breakneck...
In order to incorporate security into your DevOps cycle, you need to know the most innovative automated DevSecOps tools around that will help you secure your application without slowing you down.
Learn about the relationship between Docker and Kubernetes. Understand the similarities and differences between Docker Swarm vs. Kubernetes.
Should a modern security strategy be based on the assumptions that source code will never be leaked, or that “internal” networks will never be breached? Join AWS, HackerOne and WhiteSource’s upcoming virtual roundtable discussion, where our industry experts will discuss how the importance of security threats has changed as companies and products shift to a...
Learn what technical due diligence is, why it is important for M&As, and which items you need to cover in your technical due diligence checklist.
The days when financial institutions were hesitant to adopt open source software are over. Today, even the largest firms and banks in the financial sector have realized the massive benefits of using open source technology to build powerful, innovative applications at a reduced time-to-market. Join our live panel discussion led by industry leaders from Wells...
In the hopes of clearing up some of the confusion, we’ve mapped out some of the elements that can help us conduct an actionable open source license comparison.
President Biden’s executive order places strict standards on software sold to the US government. Learn about the executive order and software supply chain attacks.
A few years ago, JavaScript developers worldwide saw their applications failing to build or compile. It was soon learned that the outages were due to a developer pulling his packages out of npm, a dependency manager for JavaScript. The unpublished packages included an 11-line left-pad function that was downloaded 2.5 million times in the month prior...
Many enterprises consider applications to be the highest security risk. This survey by Ponemon Institute looks at AppSec risks.
We analyzed published open source security vulnerabilities in Struts and Spring to learn more about the state of vulnerability management.
In this webinar, we will suggest a simple framework for the open source vulnerability management challenge and a few ways to secure your software supply chain and reduce potential risk.
Read the latest supply chain security news and updates to learn about new supply chain methods exploited in April.
This article focuses on how to better manage the supplier dimension of the software supply chain while improving control and visibility.
Dynamic application security testing (DAST), or black-box testing, finds vulnerabilities by attacking an application from the outside while it is running.
SDLC security should be a top priority nowadays, as attacks are directed at the application layer more than ever before and the call for more secure apps for customers strengthens.
Learn what a developer security champion is and how it will help your developers shift security left.
Today we’re thrilled to announce that Diffend, an innovative software supply chain security service, is now part of Mend.
Web vulnerability scanners, a type of black-box testing, are the best way to protect your web application from malicious hackers. These are the top 11 tools.
Docker image security scanning is a core part of Docker security strategy. We explain how it works, why it's important and what its limitations are.
Learn about new trends in the evolving world of open source security, and what you can do to stay secure.
A coding Easter egg is a secret message or feature hidden inside interactive code. In this article we'll be finding some of the stand-out tech Easter eggs.
Forrester reports on the latest AppSec trends and recommends the AppSec strategies organizations should adopt to keep up with today’s threat landscape.