Mend.io Announces Integration of Crowdsourced Renovate Data to Reduce Open Source Attack Surface Risk Up to 80 Percent

Mend.io Announces Integration of Crowdsourced Renovate Data to Reduce Open Source Attack Surface Risk Up to 80 Percent

TEL AVIV, Israel and BOSTON – June 5, 2023 –Mend.io, a leader in application security, today announced the integration of crowdsourced data from Mend Renovate, its popular open source dependency update automation tool with more than one billion Docker pulls, with Mend SCA. The enhancement automates code dependency updates at unprecedented rates. This will help organizations to dramatically lower application security risk, keep software components up to date, and confidently merge updates to ensure fast, reliable, and sustainable application development and deployment. Recently positioned by Gartner as a Visionary in the 2023 Magic Quadrant for Application Security Testing*, Mend.io will showcase this new capability at the Gartner Security & Risk Management Summit 2023, June 5-7, at booth #1155. 

The trend toward more, smaller open-source software packages and more frequent updates has resulted in a backlog of vulnerabilities that security teams struggle to manage manually, even for minor and patch updates with high compatibility. From a security perspective, more than 85 percent of vulnerabilities already have a fix available before they are published in the National Vulnerability Database (NVD). Yet the majority of organizations struggle to update to newer, patched versions. As they linger, older vulnerabilities can become more dangerous and more easily exploited. In 2021, three out of every four attacks were launched through vulnerabilities that were at least four years old.

While it's easier than ever to scan applications and find out-of-date or vulnerable components, making the necessary updates is what matters. Now, Mend SCA has a way to automate remediation of high-confidence updates to reduce security debt without breaking the build.

"This is a North Star aligned achievement for Mend.io. We are proud to introduce capabilities to proactively update the code base to make it less vulnerable," said Rami Sass, CEO of Mend.io. "By leveraging Renovate data in this way, we enable levels of automation that are simply not possible to achieve with other tools in the market."

Mend SCA takes a unique, preventative approach to application security, automating dependency updates to reduce security debt without the need for manual effort.

Using data gathered from over 25 million dependency updates tracked by Renovate, Mend SCA can determine which updates are likely to break a build, enabling teams to confidently deploy changes without slowing the development pipeline.

Mend.io provides this automation via its proprietary confidence algorithms from crowdsourced Renovate data. Confidence is based on three factors:

  • Did the update pass tests without breaking builds?
  • How old is the update?
  • How widely adopted is it?

Join Mend.io at the Gartner Security & Risk Management Summit

Mend.io will discuss its preventative approach to application security leveraging Mend Renovate data at the Gartner Security & Risk Management Summit 2023, booth #1155, June 5-7. Additionally, Sam Quakenbush, senior director of field innovation and strategy at Mend.io, will speak on open source software security best practices. 

Title: Effective SBOMs and Beyond: How to Create a Best-In-Class Open Source Security Program

Abstract: Applications are now the number-one attack vector. Open source software now comprises more than 70 percent of most applications. Supply chain attacks increased 650 percent from 2020 to 2021. If you don't already have an effective open source security program, you need to get one. Learn best-in-class programs and processes to reduce your attack surface, detect malicious open source packages, and respond quickly and with ease to the next Log4j-style announcement.

When: Monday, June 5th, 1:55 - 2:15 p.m.

Where: Theater 4

About Mend.io
Mend.io, formerly known as WhiteSource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks. With a proven track record of successfully meeting complex and large-scale application security needs, Mend.io is the go-to technology for the world's most demanding development and security teams. The company has more than 1,000 customers, including 25 percent of the Fortune 100, and manages Renovate, the open source automated dependency update project. For more information, visit www.mend.io, the Mend.io blog, and Mend.io on LinkedIn and Twitter.

* Gartner, "Magic Quadrant for Application Security Testing," Authors Dale Gardner, Mark Horvath, Dionisio Zumerle, [17th May 2023].