Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

mend

AI Governance in AppSec: The More Things Change, The More They Stay the Same

Mar 7, 2025 By Aurora Starita In Mend
Every hype cycle brings fresh security concerns, and AI is no exception. AI governance might sound like uncharted territory, but it’s really just another evolution of the same security principles AppSec teams have been applying for years. The fundamentals—secure coding, risk management, compliance, and policy enforcement—haven’t changed.
Read Post
mend

Securing AI vs AI Security: What Are We Talking About?

Feb 20, 2025 By Sarah Moglia In Mend
Lately, it seems like the only thing anyone is talking about in the technology sector is Artificial Intelligence. With good reason! AI is an incredibly powerful tool that is only going to grow in usage and scope. However, there seems to be a lot of confusion around various terms involving AI and security. The focus of this blog will be breaking down the differences between securing AI, secure AI use, AI for security, and AI safety.
Read Post

Mend.io, formerly known as Whitesource #securityvulnerability #coding

Feb 9, 2025 By Mend In Mend
Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.
View Video
mend

2025 OWASP Top 10 for LLM Applications: A Quick Guide

Feb 6, 2025 By Aurora Starita In Mend
Published first as a whitepaper in late 2024, the 2025 OWASP Top 10 for LLM Applications is yet another monumental effort from OWASP made possible by a large number of experts in the fields of AI, cybersecurity, cloud technology, and beyond—including Mend.io Head of AI Bar-El Tayouri. LLMs are still new to the market but beginning to mature, and the OWASP Top 10 for LLM Applications is maturing alongside it.
Read Post
mend

Fake VS Code Extension on npm Spreads Multi-Stage Malware

Feb 6, 2025 By Tom Abai In Mend
In a recent discovery, our research team uncovered a fake VS-code extension—truffelvscode—typosquatting the popular truffle for VS-code extension. This extension serves as a trojan horse for multi-stage malware. This blog takes a closer look at how the malicious extension operates, its obfuscation techniques, and IOCs related to this incident.
Read Post

The Truth Behind Successful Security Operations Centers (SOC) |Secrets of AppSec Champions

Feb 4, 2025 By Mend In Mend
In this eye-opening episode, Reanna Schultz, an experienced Security Operations Center (SOC) team leader, pulls back the curtain on what makes a modern SOC truly effective. Drawing from her six-year journey through various cybersecurity roles, she reveals how SOCs serve as an organization's first line of defense against cyber threats.
View Video
mend

AI Powered Remediation: Mend SAST Performs +46% Better Than Competitors

Jan 28, 2025 By Aurora Starita In Mend
Security teams face limited resources and a growing attack surface while developers struggle with security responsibilities that feel burdensome, annoying, or seem to conflict with their first priorities. AppSec teams turn to static application security testing (SAST) tools to identify vulnerabilities in first-party code early in the software development lifecycle while developers can still fix issues before the code is old and forgotten about.
Read Post
mend

Mend.io and JetBrains Partner to Bring Enhanced Code Security to Developers

Jan 21, 2025 By Mend.io Communications In Mend
At Mend.io, we’re passionate about code security. That’s why we’re thrilled to announce a strategic partnership with JetBrains that integrates Mend.io’s robust security solutions directly into JetBrains IDEs and Qodana environments. With the help of Mend.io, JetBrains users will now have access to robust Software Composition Analysis (SCA) and malicious package detection.
Read Post

Building Trust in Cybersecurity: Insights from Veteran CISO Rob Wood | Secrets of AppSec Champions

Jan 21, 2025 By Mend In Mend
Trust is the invisible currency of business, and it's built in drops but lost in buckets. As security professionals, we often focus on competence - having the right controls, frameworks, and processes in place. But competence alone isn't enough when things go wrong. When a security incident happens, your customers' trust in you hangs in the balance. They're scared, frustrated, and looking for leadership. This is where benevolence and integrity become crucial.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.