Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Mend

The Latest Trends in API Security: The 2023 OWASP API Security Top Ten

The Open Web Application Security Project (OWASP) has published the latest edition of its API Security Top Ten, which was first published in 2019. The Top Ten is a significant daughter list of the OWASP Top Ten, which is one of the most definitive lists of the most severe web application risks. Why is this important? What are its main findings? And what does this mean for application security?

Why Dependency Management Reduces Your Enterprise's Technical Debt

There are many ways to incur technical debt but the broadest reason it both exists and persists is that most applications are old and most software developers are working on new things. In an ideal world, agile organizations would have very little technical debt because they should always return to their code and improve it. But in the real world, the fast pace of continuous rollouts means agile organizations can be especially prone to collecting large amounts of technical debt.

Cybersecurity Awareness Month 2023: Five Reasons You Need Automatic Software Updates for Your Application Security.

October 2023 marks the 20th anniversary of Cybersecurity Awareness Month. The initiative is spearheaded by the U.S. National Cybersecurity Alliance (NCA) and the Cybersecurity and Infrastructure Agency (CISA). It is a collaboration between these U.S. government agencies and industry to raise awareness about cybersecurity, the risks we face from digital crime and cyberattacks, and how to protect ourselves from them. This year, the campaign promotes four key behaviors to strengthen cybersecurity.

Vulnerability Assessment: A Guide

The complexity of technology is ever-increasing and the number of breaches (and the cost of dealing with them) is growing right along with it. Governments are cracking down and turning cybersecurity from nice to have to absolutely mandatory. In response, organizations across industries are taking a more serious look at their security posture and, with that, the need to perform thorough vulnerability assessments.

Mend Renovate Enterprise Edition Demo

Reduce Technical Debt with Scalable Automated Dependency Management Regularly maintaining and updating dependencies is crucial to ensuring application security, but in today’s high-volume development world, companies often struggle to balance security risk with development deadlines. Renovate Enterprise Edition helps teams cut technical debt while still meeting deadlines using a solution built for the needs of enterprise development teams. Now, companies can provision as many resources as they like to cover the size and scale of their entire organization without suffering performance problems due to resource limitations.

Mend.io's Rhys Arkins, VP Product Discussing Mend Renovate Enterprise Edition

Reduce Technical Debt with Scalable Automated Dependency Management Regularly maintaining and updating dependencies is crucial to ensuring application security, but in today’s high-volume development world, companies often struggle to balance security risk with development deadlines. Renovate Enterprise Edition helps teams cut technical debt while still meeting deadlines using a solution built for the needs of enterprise development teams. Now, companies can provision as many resources as they like to cover the size and scale of their entire organization without suffering performance problems due to resource limitations.

Mend Renovate Product Family Demo

Mend Renovate scans your software, discovers dependencies, automatically checks to see if an updated version exists, and submits automated pull requests. Mend.io provides Renovate as an open source solution as part of our support for the developer community. For those customers that need a fully scalable, fully supported, fully automated solution, we offer Renovate Enterprise Edition.

Holistic AppSec and Software Supply Chain Security

AppSec and software supply chain security require more than a loose collection of tools and a vulnerability remediation process. A holistic approach covers risk assessment, a secure software development life cycle, software composition analysis (SCA), SBOMs, static and dynamic application security testing (SAST/DAST), workflow automation, automated remediation, runtime protections, compliance reporting and more. Successful implementation of this holistic approach enables companies to shrink their overall attack surface and reduce technical and security debt.

What Role Should Dependency Management Play as the Regulation of the Software Supply Chain Escalates?

Two big trends are now converging that will change the way we view and implement software supply chain security and make dependency management a vital part of assuring security. Let’s look at why and how this is happening, and what it means for dependency management.