How to Make Your Vulnerability Management Metrics Count
Why vulnerability management metrics are important, and how to choose the right metrics to keep your organization’s applications and assets secure.
Read about application security, DevSecOps, license compliance, and software supply chain security.
Learn why vulnerability management is becoming increasingly important, discover the fundamentals and techniques behind the vulnerability management process.
Learn more about what Infrastructure as code (IaC) is, its benefits, and best practices for how to use this technology securely.
In order to gain a better understanding of the process of open source vulnerability management, we decided to take a deep dive into npm — one of the most popular platforms in the open source dev community.
With each passing year, open source software use increases. But this trend does not come without a price. Modern software’s heavy reliance on open source components created space for exploitation by malicious actors. New threats are challenging to detect and to protect against. This session should arm you with knowledge about the risks and practical...
As organizations struggle to keep the application layer secure, more security tasks are added to developers’ already heavy workloads. The result: alert fatigue, friction between security and development teams and, ultimately, higher risk as security debt continues to grow. Clearly, requiring developers to become instant security experts is not a viable option. What are the...
What are the ingredients that go into our software supply chain? Understanding why we need SBOMs.
Learn about the benefits and challenges of reporting-centric SBOMs vs. remediation-centric SBOMs.
Keep your vulnerability management plan up-to-date. Address today’s threat landscape with advanced vulnerability detection, prioritization, and remediation.
Every piece of code, module, or package has an element of risk associated with it. Learn how to evaluate and treat that risk to reduce the likelihood of failure.
Learn how to use SBOMs to better track and fix known and newly emerging vulnerabilities to keep your applications secure.
...Is ua-parser-js? The affected library – ua-parser-js – is a “JavaScript library to detect Browser, Engine, OS, CPU, and Device type/model from User-Agent data,” i.e., based on the browser used....
The usual methods of securing your apps are no longer enough. Here is why you need to implement zero trust in DevSecOps.
The sharp increase in attacks on organizations’ software supply chains requires policy makers to address supply chain risks with a more structured approach. President Biden’s Cybersecurity Executive Order #14028 and NTIA’s Software Component Transparency initiative aim to strengthen supply chain security through advanced visibility over organizations’ software bill of materials (SBOM). It’s crucial to formulate...
Over the past years, attacks on the application layer have become more and more common. Recent research reports on reducing enterprise AppSec risks have found that the highest level of security risk is considered by many to be in the application layer. Applications remain a top cause of external breaches, and the prevalence of open...
Learn how to transform your team from DevOps to DevSecOps smoothly and successfully. Understand the benefits of making the transition to DevSecOps.
How Mend Cure’s automated remediation technology helps developers get ahead of security issues without slowing down development.
Learn how the Zero Trust model can boost your software supply chain security.
We break down the basics of what you need to know about the OWASP Top 10 Vulnerabilities List 2021 & how to use it the right way to support your dev team.
As organizations’ AppSec tools and practices shift left in the DevOps pipeline, development teams are required to assume responsibility for security tasks. While this is an important step toward achieving DevSecOps maturity, integrating application security testing tools risks burying developers under a seemingly never-ending list of security alerts. How can organizations make sure that development...
Learn what happened, the impact of the attack, how it was discovered, and what you can do to prevent it from affecting your apps.
The financial sector has embraced open source, now they need to manage and secure it using a Software Composition Analysis solution.
Learn how your package managers’ lockfiles put your supply chain security at risk, and how to mitigate the risks.
The Forrester Wave on Software Composition Analysis helps identify which vendor offers the best solution to protecting your open source.
Mend hosted industry experts at a roundtable to provide their insights and tips on the challenges of digital native security.
Learn about the similarities and differences between Agile and DevOps software development methodologies.
How your organization can help developer and security teams bridge the cybersecurity skills gap.
An in-depth look at Prototype Pollution vulnerabilities and how to mitigate them.
Learn how packages’ external resources threaten your supply chain, and how you can mitigate the risks.
Let’s look at 5 organizations that teach programming to kids to nurture the next generation of software developers while also trying to close the gender and race gap in tech.
Understand what penetration testing is, why it’s important, its stages, approaches, and tools.
In this webinar, SonarSource and WhiteSource share how empowering developers with the right tools positively impacts application security.
What is cloud native computing and what are the top concerns in cloud computing security?
Open source adoption is increasing rapidly within the financial services industry. Thanks to cutting edge technologies, affordability, flexibility, and the power of the open source community – more and more financial institutions are encouraged to integrate open source components into their investment and more data processing systems. Meanwhile, the industry’s growing list of compliance initiatives...
These 8 patch management best practices will help you apply a patching process in order to fix security vulnerabilities.
To celebrate Pride month, Mend is highlighting a few of our favorite open source projects and programs that support LGBTQ+ communities.