Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Supply chain attacks made headlines in 2022, sending shockwaves through the industry as security and business leaders scrambled to reexamine the security of their own supply chains. In this webinar, experts talk through the stages of a supply chain attack and the different types of attacks to look for. You will also learn what tools and strategies you can start using immediately to assess your own supply chain security and put defenses in place to keep your supply chain protected.

Threat actors operate by an ironclad rule: If it’s important to businesses, it’s important to them. And they certainly understand the crucial business role of applications. Applications are now the number one attack vector, while software supply chain attacks increased 650 percent in a year. Clearly, if you don’t already have a modern application security program that can support today’s digital world, you need to build one.

Open source vulnerabilities are in permanent growth mode. A significant quarterly increase in the number of malicious packages published in registries such as npm and rubygems have shown the increasing need to protect against this trending attack. At the same time, companies struggle to close the remediation gap on known vulnerable open source code. It’s all in The Mend Open Source Risk Report, which details these and other significant risks posed by the ongoing rise in open source vulnerabilities and software supply chain attacks.

Malicious Packages: A Growing Threat to the Software Supply Chain The global economy runs on software applications, and their function and security are critical to every company’s success. Many applications have exploitable vulnerabilities that modern defenders struggle to effectively detect and remediate. In addition to the growing number of vulnerabilities, today’s security teams face the emerging challenge of malicious packages.

Mend Supply Chain Defender helps protect enterprises against software supply chain attacks. It detects and blocks malicious open source packages before your developer can download them — and before they can pollute your codebase with malicious activity. Mend Supply Chain Defender has already detected and reported thousands of malicious packages that were swiftly removed from their registries, to protect open source users from accidentally installing malicious code.

Overview The Mend Jira Security Dashboard is a new option included in the Jira Cloud plugin that provides a centralized view of security issues and risks across all Jira projects, making it easier for you and your teams to prioritize and address security concerns. Use cases for the Jira Security Dashboard The Mend Jira Security Dashboard addresses the following scenarios: As an AppSec Manager, it is imperative to have real-time visibility into the overall security health of your development teams' applications within your issue-tracking tool, Jira.

Mend.io solves the toughest problems in application security for the largest and most demanding organizations in the world, and we do it with automation. Mend.io was the first application security vendor to provide automated remediation workflows for both open source and custom code. We have centered our product strategy on providing industry-leading prioritization of application security threats for both OSS and custom code, integrating automated dependency health to reduce the attack surface and ensuring fast and limitless scale to onboard developers and applications.

Software supply chain threats and increasing regulatory pressures make supply chain security a top priority for software organizations. While building secure applications is a must for any organization, the path to creating secure software is anything but clear. Software bills of materials (SBOMs) have emerged as an essential tool and a roadmap for organizations on their secure software journey.

The ongoing rise in cyberattacks across the software supply chain and a shifting regulatory landscape are forging an unlikely alliance between CISOs, software leaders and legal experts. Privacy, the shifting and diverse regulatory landscape, liability and new AI/ML use cases all present unique challenges and opportunities for risk management, but to best navigate these challenges, legal teams must be involved, too. Why? Because today, software vulnerabilities can represent not just a business risk but a legal risk.

Cybersecurity teams and developers continually struggle to reconcile what can seem like two competing priorities. Delivering new capabilities and addressing existing security technical debt. But what if they can do both at the same time? Forward-leaning AppSec programs are finding smart ways to reduce security debt by instituting a strategic approach to managing security vulnerabilities. This approach starts by reducing the attack surface early on and throughout development.