Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

October 2024

Mend.io & HeroDevs Partnership: Eliminate Risks in Deprecated Package

The increasing reliance on open-source software coupled with the accelerated pace of software development has created a growing need for support of deprecated packages. The significant majority of open-source software packages are not actively maintained, meaning vulnerabilities are not patched, thereby leaving systems open to attack. Malicious actors often target deprecated open-source packages for this very reason.

Stress, Certification, and Pen Testing: Nathaniel Shere's Journey - Secrets of AppSec Champions

Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.

All About RAG: What It Is and How to Keep It Secure

AI is growing in power and scope and many organizations have moved on from “simply” training models. In this blog, we will cover a common system of LLM use called Retrieval-Augmented Generation (RAG). RAG adds some extra steps to typical use of a large language model (LLM) so that instead of working off just the prompt and its training data, the LLM has additional, usually more up-to-date, data “fresh in mind”.

Vital Signs of Software Dependencies: Understanding Package Health

As the vast majority of modern applications rely heavily on open-source software, dealing with updates for dependencies can become a major hassle for both developers and cybersecurity professionals. Every developer knows the pain of an update breaking their application. Manually determining which dependencies to run can become a massive time-suck, which is why many developers fall behind on updates, leaving applications open to vulnerabilities.

Cybersecurity Awareness Month: AI Safety for Friends and Family

Happy October! The leaves are changing and everyone is starting to get ready for the upcoming holidays, but let’s not forget one of the most important holidays of the year—Cybersecurity Awareness Month! Though our audience is almost entirely cybersecurity experts, we wanted to put something together to help the less technical people in our lives learn more about AI and cybersecurity, because Cybersecurity Month is for everyone.

Don't Treat DAST Like Dessert

Dynamic Application Security Testing (DAST), sometimes referred to as “pentesting in a box”, tests running code for a variety of issues that can’t easily be found by analyzing code with static scanning tools. DAST tools are platform and language agnostic—as long as you have a website or API they can connect to, they’ll get the job done, and find real vulnerabilities in the same places an attacker would.