Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Mend

Strange Bedfellows: Software, Security and the Law

Jul 21, 2023 By Mend In Mend
The ongoing rise in cyberattacks across the software supply chain and a shifting regulatory landscape are forging an unlikely alliance between CISOs, software leaders and legal experts. Privacy, the shifting and diverse regulatory landscape, liability and new AI/ML use cases all present unique challenges and opportunities for risk management, but to best navigate these challenges, legal teams must be involved, too. Why? Because today, software vulnerabilities can represent not just a business risk but a legal risk.
View Video

Two Birds, One Stone: Shrinking Security Debt and Attack Surfaces

Jul 21, 2023 By Mend In Mend
Cybersecurity teams and developers continually struggle to reconcile what can seem like two competing priorities. Delivering new capabilities and addressing existing security technical debt. But what if they can do both at the same time? Forward-leaning AppSec programs are finding smart ways to reduce security debt by instituting a strategic approach to managing security vulnerabilities. This approach starts by reducing the attack surface early on and throughout development.
View Video

Malicious Package Trend Analysis

Jul 21, 2023 By Mend In Mend
It might seem obvious that regularly upgrading software and dependencies means your software is inherently more secure, but in practice, this is hard to achieve. Choice Hotels struggled to manually maintain their codebase and remediate all the transitive vulnerabilities lurking in the code. Today’s compositional applications created a complex archeological exploration challenge for developers trying to resolve security issues across a codebase. It was time-consuming, tedious, and imperfect.
View Video
mend

Why is Software Vulnerability Patching Crucial for Your Software and Application Security?

Jul 20, 2023 By Adam Murray In Mend

Software vulnerability patching plays a critical role in safeguarding your code base, software, applications, computer systems, and networks against potential threats, and ensuring they’re compliant, and optimized for efficiency. Organizations’ codebases have become increasingly complex, involving sophisticated relationships between components and their dependencies.

Read Post
mend

The New Era of AI-Powered Application Security. Part Two: AI Security Vulnerability and Risk

Jul 18, 2023 By Rami Elron In Mend

AI-related security risk manifests itself in more than one way. It can, for example, result from the usage of an AI-powered security solution that is based on an AI model that is either lacking in some way, or was deliberately compromised by a malicious actor. It can also result from usage of AI technology by a malicious actor to facilitate creation and exploitation of vulnerabilities.

Read Post
mend

Software Supply Chain Compliance: Ensuring Security and Trust in Your Software and Applications

Jul 13, 2023 By Adam Murray In Mend

Software and applications make the world go round. This naturally makes them a top attack target for threat actors, and highlights the importance of robust software supply chain compliance. But how do companies build and implement a compliance strategy that solves the challenges of modern application security? Let’s take a look.

Read Post
mend

The New Era of AI-Powered Application Security. Part One: AI-Powered Application Security: Evolution or Revolution?

Jul 11, 2023 By Rami Elron In Mend

Imagine the following scenario. A developer is alerted by an AI-powered application security testing solution about a severe security vulnerability in the most recent code version. Without concern, the developer opens a special application view that highlights the vulnerable code section alongside a display of an AI-based code fix recommendation, with a clear explanation of the corresponding code changes.

Read Post
mend

How Does SLSA Help Strengthen Software Supply Chain Security?

Jul 7, 2023 By Adam Murray In Mend

A relatively new way of strengthening your software supply chain security is to apply Supply Chain Levels for Software Artifacts (SLSA) in tandem with other tools such as software bills of materials (SBOMs), software composition analysis (SCA) for open source, and static application security testing (SAST) for proprietary code. Let’s take a look at what SLSA is and how its different levels work.

Read Post
mend

Why You Should Avoid Copy and Paste Code

Jul 5, 2023 By Adam Murray In Mend

So many things seem like a good idea at the time. The Red Sox selling Babe Ruth to the Yankees. Decca Records rejecting The Beatles. “New” Coca-Cola. Blockbuster passing on buying Netflix. The formation of Nickelback. Just popping into Ikea for a “quick” look around. Of course, we know differently. And the same can be said about copying and pasting code.

Read Post
mend

Announcing the Open-Source Reliability Leaderboard: A New Resource for Preventive AppSec

Jun 29, 2023 By Carol Hildebrand In Mend

We are excited to announce the inaugural edition of the Mend.io Open-Source Reliability Leaderboard! Powered by data from Renovate, the wildly popular open-source dependency management tool, the Leaderboard presents the top packages in terms of reliability across three of the most widely used languages.

Read Post
Subscribe to Mend

Copyright © 2024 OpsMatters™. All rights reserved.