Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

This is the final of a six-part blog series that highlights findings from a new Mend white paper, Five Principles of Modern Application Security Programs. When thinking of adjectives to describe cyberattackers, it’s doubtful that many people would choose to call them innovative – a term we’re more likely to ascribe to things we enjoy. But the reality is that adversaries are innovative, constantly finding new ways to launch attacks that result in greater rewards for less effort.

First started as an open-source project in 2018, Mend Renovate automates open source dependency updates in software projects. Renovate has enabled a diverse user base across github.com and gitlab.com, reducing risk by mitigating security vulnerabilities and saving developers’ time. Renovate is now endorsed by OpenSSF and Google as the industry standard tool for dependency updates.

Traditional or static authorization methods no longer meet the demands of today’s digital business environment. Data breaches are on the rise (a 23% increase in 2021, as per the Identity Theft Resource Center), forcing organizations to re-evaluate their security and compliance practices.

TFiR has produced its brand-new video show called Let’s See. This is the first time that TFiR has come up with a demo show where we will get to see how some of the technologies and products work.

Modern organizations are adopting a cloud-native approach to their application development. While this approach provides many benefits, it also makes organizations face several challenges, including the challenge of securing the application with a completely different approach. In this blog, we will discuss how software changes and how organizations should think about securing it.

Setting employee controls for IT to manage is the biggest challenge to cloud-native expansion, according to 64% of the developers surveyed in our 2022 Cloud-Native Alignment report.

‘Tis the season for a busy weekend of software supply chain attacks. Over the past three days, the Mend research team identified two separate attacks that published malicious packages to npm. Mend Supply Chain Defender quickly identified the malicious code; the owners were notified, and the packages were removed. That does not fully remove the risk, however. The first package has 9.5 million downloads, while account CI keys were compromised in the second, which can cause significant damage.