Read about application security, DevSecOps, license compliance, and software supply chain security.
Thanks to containerization and automation, applications are being developed and delivered faster than ever. With tools such as AWS ECR, developers are able to store, manage and deploy Docker container images without having to worry about operating their own container repositories or scaling the underlying infrastructure. With this, however, arise challenges around managing the security...
HyperLedger is Mend's open source project of the month! HyperLedger is an umbrella project of open source blockchains and related tools
Hoping to gain some useful insights into the developer industry trends, we dove into the data of the 2019 Stack Overflow Developer Survey.
Last week The Forrester Wave™: Software Composition Analysis, Q2 2019 was published. We took part in MediaOps panel discussion to discuss the results of the report and which SCA vendors are right for software development and security teams and their needs.
The new Mend Bitbucket Server Integration provides developers with an open source vulnerabilities management tool within their coding environment.
Containers increase speed, simplify operations, improve development efficiency and bring a slew of other benefits, making them a top choice for agile deployment infrastructure. In our latest panel webinar with Container Journal, we outlined the critical importance of container security and provides best practices and tools to ensure your container environment is as secure as...
Containers are shaping the way organizations are developing and managing applications nowadays. However, many are not always fully aware of the measures that need to be taken across the entire software development lifecycle, especially when it comes to open source security aspects. The mindset of securing our applications needs to be shifted – to continuous...
Jenkins X is Mend's open source project of the month! Jenkins X is a CI/CD tool designed to help ship apps continuously with Kubernetes.
The Heartbleed vulnerability is notorious for causing one of the biggest breaches in history. Learn how Heartbleed affect the use of open source.
We researched open source security vulnerabilities in C, Java, JavaScript, Python, Ruby, PHP, & C++, to learn which programming languages are most secure.
Open source software components play an important role by providing us with the building blocks of our products. However, even as we enjoy the benefits of open source components, they are not without their challenges, especially when it comes to security vulnerabilities. In this webinar with Circle CI, you’ll learn how: – WhiteSource Orb can...
It is no secret – open source has become the main building block in modern applications, and it is almost impossible to develop software at today’s pace without it. However, as the open source community grows, and the number of reported vulnerabilities keeps climbing, manually verifying the security and compliance of open source components can...
application security is becoming a key area of focus for organizations. Join this interactive Q&A panel of industry experts to learn more about: – How to integrate application security testing into the DevOps process early on – Why automation, speed and coverage are critical to the success of DevSecOps programs – Speed vs Security: Where...
We took the opportunity of International Women's Day to hear from female developers at Mend. They offer their stories of how they came to tech as well as advice for companies and women.
Docker vulnerabilities are a growing concern as they move towards heavier adoption in the field. These are 5 Docker vulnerabilities that you should know and a few tips for staying secure.
Mend solution for securing and managing open source usage is now available to Bitbucket users with a pipe integration of Its own.
Bulma is WhiteSurce's open source project of the month! Bulma is an open source modern CSS framework based on the Flexbox layout model.
We interviewed CyberArk's Len Noe about his experience of becoming a Whitehat hacker.
It’s no secret that open source components form the backbone of today’s software, comprising between 60-80% of modern applications. But with this, comes the alarming rise in open source vulnerabilities – more than 3,500 open source vulnerabilities were reported in 2017 – that’s 60% higher than the previous year, and the trend continued in 2018....
Containers are playing a greater role in how we develop and deploy software. We lay out crucial tips for keeping your containers secure.
What is a software vulnerability and how does it impact your application security? We breakdown what they are and how to better protect your data.
SweetAlert2 is our open source project of the month! SweetAlert2 is an open-source customizable modern replacement for JavaScript's popup boxes.
Development is moving faster than ever. We break down what you need to know about shifting left to secure your DevOps pipeline with SecOps best practices.
2018's top ten list of vulnerabilities includes old favorites like Linux and Spring, newer players like AngularJS and Requests, headline grabbers like Struts and Drupal, and more.
Many developers and their organizations know that if they take a hard look at their open source usage, they may find that they are using open source components with high-level vulnerabilities
The good folks over at GitHub Security have been putting in overtime to add new features to improve security. We discuss 3 important features here.
In the spirit of the holidays, we highlighted the 5 most severe open source vulnerabilities of 2018 & 5 open source projects you should know about.
You don’t need an expert to tell you that open source software will be ubiquitous in the enterprise in 2019. You also don’t need an expert to tell you that this will present security challenges either. But what can you do in 2019 to ensure your open source software is as secure as you can...
Musicians and coders have a lot in common. Here are 7 tips inspired by the best rock bands to help your software development team perform like a supergroup.
The National Vulnerability Database is the leading resource for software vulnerabilities. We break down what you need to know to make the most of it.
We ran the free OWASP Dependency-Check to see how it works. Here's our rundown of the pros and cons.
According to the latest open source security research report from WhiteSource, “The State of Open Source Vulnerabilities Management” for 2018, almost 97% of developers rely upon open source components in order to develop their applications nowadays. But with the recent spike in disclosed open source vulnerabilities, the question arises whether security and development teams have...
In appreciation and recognition of their efforts and contribution, we highlight a couple of the female programmers that we are thankful for this year.
Enterprises are coming to realize that while DevOps tools and processes helping them stay innovative within tight release timelines, security risks remain real, immediate, and extremely costly
Halloween special: teams of developers aren't haunted by your typical ghosts, witches, and vampires. So what are developers’ really afraid of?
DevSecOps represents a fundamental shift from the status quo by making security a much more collaborative effort. Applications are the business in this digital age. Securing the applications that drive your business is essential to providing safe digital experiences to your entire business ecosystem. With DevSecOps, security is automated and integrated into the development process....