New York, NY, USA
Aug 2, 2022   |  By Tamir Ben Ari
As security researchers, we see new malicious methods being introduced on a daily basis from the ever-industrious global cadre of malicious actors. But not all of the things we find constitute breaking news. Sometimes, we run across something that doesn’t necessarily pose a threat, but still piques our interest. Instead of being the security equivalent of a four-course meal, it’s more of an amuse bouche.
Jul 26, 2022   |  By Maciej Mensfeld
A possible method of attacking your code base is a bit of social engineering that involves using open source to report potential bugs in software that provides reproduction applications. These applications can include malicious code that can compromise your software and applications. In the blog post, we’ll briefly look at why and how they operate, and how to mitigate this practice.
Jul 19, 2022   |  By Maciej Mensfeld
Recently, there have been some remote code execution (RCE) attacks that included just a single line of well-built code that can run a remote shell. Let’s take a look at why and how these attacks work, why npm is particularly susceptible, what could happen if they get into machines, and how to detect and fix them.
Jul 14, 2022   |  By Adam Murray
Static Application Security Testing (SAST) is one of the principal techniques for assessing the source code of applications to detect possible vulnerabilities. SAST enhances application security during the early stages of the development life cycle and plays an important role in shifting security left. However, there are quite a few myths that are often associated with implementing SAST security tools. Let’s run through the big three.
Jul 7, 2022   |  By Adam Murray
What are cloud-native applications? According to the Cloud Native Computing Foundation (CNCF), the term “cloud native” describes systems that are specifically designed to help build and run scalable applications in all cloud environments, including public, private, and hybrid clouds. Cloud-native applications use the attributes of cloud architecture in ways that legacy systems can’t. They don’t need any onsite computing infrastructure and can scale quickly to meet demand.
Jun 30, 2022   |  By Tamir Ben Ari
Monero (XMR) is an open-source, privacy-oriented cryptocurrency that was launched in 2014. It uses a public distributed ledger containing technology that obscures transaction details to ensure the anonymity of its users. Monero maintains egalitarian mining, allowing anyone to participate. As tempting as it may seem, some go a step further and use the infrastructure of others to participate in mining. Cryptocurrency mining was originally performed using CPUs, and Monero was no different.]
Jun 23, 2022   |  By Luke Brogan
The continuing escalation in cyberattacks on large corporations, coupled with an acceleration of digital transformation, has forced organizations to reassess their security strategies and infrastructure. This escalation has driven growth in the adoption of zero-trust application security and compliance. The zero-trust approach means that no devices or software should be trusted by default, even if they have permissions and previous verification.
Jun 20, 2022   |  By Adam Murray
If your organization develops software and applications to deliver products and solutions, then more than likely you’re using third-party open source components to help create them. According to most estimates, open source components now make up over 80 percent of software products.
Jun 20, 2022   |  By Tamir Ben Ari
Mend Supply Chain Defender reported and blocked dozens of packages from the same author. These packages targeted developers of many companies and frameworks like slack, Cloudflare, Datadog, Metamask, react, Shopify, OpenSea, Angular and more. A dependency confusion attack takes advantage of a software developer’s tendency to pull malicious code from public repositories rather than internal ones.
Jun 16, 2022   |  By Guy Bar-Gil
Developers love GitHub. It’s the biggest and most powerful collaboration platform that programmers, developers, and companies use to develop and maintain their software. It’s the biggest source code host with more than 200 million repositories. And it keeps growing. In 2021, more than 73 million developers used GitHub. It gained over 16 million new users in 2021 alone, and GitHub estimates that user numbers will increase to 100 million developers in the next five years.
Jun 30, 2022   |  By Mend
CEO and co-founder of Mend, Rami Sass, discusses the company's evolution, the Mend platform's capabilities, and more on the exhibit floor at RSAC 2022.
Jun 15, 2022   |  By Mend
Mend company celebration of the launch of its rebrand, from WhiteSource Software to Mend. Mend effortlessly secures what developers create. We remove the burden of application security, allowing teams to meet the need to create and deliver quality, secure code faster.
May 31, 2022   |  By Mend
CEO & co-founder Rami Sass speaks at the company celebration of the rebrand from WhiteSource Software, to Mend.
May 25, 2022   |  By Mend
Mend, formerly known as WhiteSource, effortlessly secures what developers create. Mend uniquely removes the burden of application security, allowing development teams to deliver quality, secure code, faster. With a proven track record of successfully meeting complex and large-scale application security needs, the world’s most demanding software developers rely on Mend. The company has more than 1,000 customers, including 25 percent of the Fortune 100, and manages Renovate, the open source automated dependency update project.
Apr 13, 2022   |  By Mend
Are you using struggling to fix vulnerabilities in transitive dependencies? WhiteSource can integrate with your repository and provide automatic pull requests with fix recommendations for transitive dependencies.
Apr 5, 2022   |  By Mend
WhiteSource provides a simple yet powerful solution for companies to manage the open source components in their application. WhiteSource is designed for security and software development teams, to give managers the control and visibility over the vulnerabilities in their app and developers to tools to quickly fix what matters.
Apr 5, 2022   |  By Mend
WhiteSource provides a simple yet powerful solution for companies to manage the open source components in their application. WhiteSource is designed for security and software development teams, to give managers the control and visibility over the vulnerabilities in their app and developers to tools to quickly fix what matters.
Mar 22, 2022   |  By Mend
WhiteSource provides a simple yet powerful solution for companies to manage open source components in their application. WhiteSource is designed for security and software development teams, to give managers the control and visibility over the vulnerabilities in their app and developers to tools to quickly fix what matters. The following video is a brief overview the of user interface and some of the feature functionality within.
Mar 14, 2022   |  By Mend
This is a short tutorial on migrating the WhiteSource JFrog Artifactory plugin from any version before 21.12.1 to version 21.12.1
Jan 31, 2022   |  By Mend
Are you using Atlassian JIRA? WhiteSource can integrate with your defect tracking software and quickly detect open source artifacts and their known vulnerabilities. WhiteSource also provides all the information you need to fix these artifacts automatically.
Jul 1, 2020   |  By Mend
Behind every developer is a beloved programming language. In heated debates over which language is the best, the security card will come into play in support of one language or discredit another. We decided to address this debate and put it to the test by researching WhiteSource's comprehensive database. We focused on open source security vulnerabilities in C, Java, JavaScript, Python, Ruby, PHP, and C++, to find out which programming languages are most secure, which vulnerability types (CWEs) are most common in each language, and why.
Jul 1, 2020   |  By Mend
We surveyed over 650 developers, and collected data from the NVD, security advisories, peer-reviewed vulnerability databases, issue trackers and more, to gather the latest industry insights in open source vulnerability management.
Jun 1, 2020   |  By Mend
Developers across the industry are stepping up to take more responsibility for their code's vulnerability management. In this report we discuss trends in how security is shifting left to the earliest stages of development, putting the power developers in the front seat. We explore the growth of automated tools aimed at helping developers do more with fewer resources and look for answers on what is needed to help close the gap from detection to remediation.
Jun 1, 2020   |  By Mend
Software development teams are constantly bombarded with an increasingly high number of security alerts. Unfortunately, there is currently no agreed-upon strategy or a straightforward process for vulnerabilities' prioritization. This results in a lot of valuable development time wated on assessing vulnerabilities, while the critical security issues remain unattended.

No component overlooked. Mend identifies every open source component in your software, including dependencies. It then secures you from vulnerabilities and enforces license policies throughout the software development lifecycle. The result? Faster, smoother development without compromising on security.

Not all vulnerabilities are created equal. Mend prioritizes vulnerabilities based on whether your code utilizes them or not, so you know exactly what needs your attention the most. This reduces security alerts by up to 85%, allowing you to remediate more critical issues faster.

Complete Platform:

  • Mend Core: We help you keep things in order.Mend is built to streamline your open source governance. With a full layer of alerting, reporting and policy management, you are effortlessly secure and always in control.
  • Mend for Developers: Mend for Developers is uniquely designed to simplify developers’ work, while keeping the code secure. Its suite of tools helps speed up integration, find problematic components, and remediate them quickly and easily.
  • Mend for Containers: Mend integrates into all stages of the container development lifecycle, including container registries and Kubernetes with automated policy enforcement for maximum visibility and control.

The simplest way to secure and manage open source components in your software.