Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

November 2023

Top Open Source Licenses Explained

An open source license is a binding legal contract between author and user that declares the certain conditions in which a piece of software can be used, which is especially relevant in commercial applications. This license is what turns software components into open source components, allowing developers to use that software so long as they keep the specific terms and conditions laid out in the license. There are a lot of open source licenses, over 200 in fact.

Building Security Culture Starts with Building Relationships

Code doesn’t write itself and software doesn’t secure itself, as much as the race is on to make that happen. At the beginning and end of everything in software is people and, importantly, people interacting with each other. Having great tools doesn’t matter if no one uses them, and having great policies doesn’t matter if no one enforces them.

What New Security Threats Arise from The Boom in AI and LLMs?

Generative AI and large language models (LLMs) seem to have burst onto the scene like a supernova. LLMs are machine learning models that are trained using enormous amounts of data to understand and generate human language. LLMs like ChatGPT and Bard have made a far wider audience aware of generative AI technology. Understandably, organizations that want to sharpen their competitive edge are keen to get on the bandwagon and harness the power of AI and LLMs.

Get More Out of Mend.io with Repository Integrations

How do you build a successful AppSec program? Today, we’re focusing on an area where we have great evidence for a specific best practice – Repository Integration. Choosing where to deploy SCA scans can have a major impact on the success of your AppSec program. You can boost the value of Mend SCA by scanning in your repositories, and we want to show you how!

Mend.io Customer Success Story - WTW

Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks. With a proven track record of successfully meeting complex and large-scale application security needs, Mend.io is the go-to technology for the world’s most demanding development and security teams. The company has more than 1,000 customers, including 25 percent of the Fortune 100, and manages Renovate, the open source automated dependency update project.