Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Mend

Announcing the Open-Source Reliability Leaderboard: A New Resource for Preventive AppSec

We are excited to announce the inaugural edition of the Mend.io Open-Source Reliability Leaderboard! Powered by data from Renovate, the wildly popular open-source dependency management tool, the Leaderboard presents the top packages in terms of reliability across three of the most widely used languages.

Five Tips for Using SBOMs to Boost Supply Chain Security

A Software Bill of Materials (SBOM) is a key cyber defense item — it identifies what’s in your software, applications, and code base so that you can detect and mitigate risk more effectively. This is useful when it comes to application security because companies can only detect and fix vulnerabilities if they know what’s there in the first place. SBOMs give you that visibility. Consequently, SBOMs are now a “must-have” tool for most companies.

Top 10 Questions About the Apache License

According to Mend.io research, the Apache 2.0 license is the most popular license of its kind, as 30% of open source licenses currently in use is Apache. Owing to its frequent use, it’s important to understand how the license works, its benefits, limitations, implications, and requirements. To help you, here are ten frequently asked questions about it.

CVSS 4.0 - What's New?

The latest version of the Common Vulnerability Scoring System, CVSS 4.0, entered its public preview phase at the 35th annual FIRST conference put on by FIRST, the Forum of Incident Response and Security Teams. An international confederation of computer incident response teams, FIRST writes the CVSS specification that plays such an important role in identifying and cataloging software and application vulnerabilities.

How to Boost Confidence in Your Open Source Security with Mend Smart Merge Control

Modern applications are hugely dependent on open-source software. 80 percent of most organizations’ apps and code base is now open source, in some cases more. While this is great for swift development and innovation, it increases the possibility of vulnerabilities arising that bad actors can exploit, and it expands the potential attack surface.

Mend.io Launches AppSec Risk Assessment Program

At Mend.io, we’re always looking for ways to help organizations understand their application security risk. This week, we’re proud to announce a new initiative designed to make it easier than ever for organizations to visualize and remediate their biggest sources of risk: the Mend.io AppSec Risk Assessment Program.

Understanding the Anatomy of a Malicious Package Attack

To identify malicious packages and protect yourself against them, you need to know what to look for. Here’s a simple guide. In January 2022, users of the popular open-source libraries “faker” and “colors” suddenly found their applications started to malfunction and display nonsensical data because they had been infected by a malicious package.

The Top 10 Questions about the GPL License - Answered!

The GNU General Public License (GPL) is one of the most widely used open source software licenses. It was created by the Free Software Foundation (FSF) to protect the GNU’s software from being made proprietary. The GPL emphasizes the principles of software freedom and promotes the sharing of knowledge and collaboration. It is a copyleft license that requires any modified versions or derivative works to be licensed under the GPL.