Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Your First 90 Days in a New AppSec Role with Anthony Israel-Davis - Secrets of AppSec Champions

Aug 5, 2024 By Mend In Mend
Join host Chris Lindsey as he digs into the world of Application Security with experts from leading enterprises. Each episode is theme based, so it's more conversational and topic based instead of the general interview style. Our focus is growing your knowledge, providing useful tips and advice. With Chris' development background of 35 years, 15+ years of secure coding and 3+ years running an application security program for large enterprise, the conversations will be deep and provide a lot of good takeaway's that you can use almost immediately.
View Video
mend

Next-Gen Vulnerability Assessment: AWS Bedrock Claude in CVE Data Classification

Jul 30, 2024 By Maciej Mensfeld In Mend
Large language models are fascinating tools for cybersecurity. They can analyze large quantities of text and are excellent for data extraction. One application is researching and analyzing vulnerability data, specifically Common Vulnerabilities and Exposures (CVE) information. As an application security company with roots in open source software vulnerability detection and remediation, the research team at Mend.io found this a particularly relevant area of exploration.
Read Post
mend

A Guide to Open Source Software

Jul 26, 2024 By AJ Starita In Mend
Open source software (OSS) is software for which the original authors have granted express copyright and usage permissions to allow all users to access, view, and modify the source code of these programs however they see fit and without the need to pay royalties. This is in contrast to proprietary, closed source software, which typically requires a paid license and cannot be added to, modified, or distributed by anyone except the owner of the rights to the software.
Read Post
mend

Dependency Management: Protecting Your Code

Jul 12, 2024 By AJ Starita In Mend
Managing dependencies isn’t always easy, but it’s critical for protecting your code. In this guide, we’ll explore what dependencies are and how they can be checked for known vulnerabilities, compatibility, licensing requirements, and more. We’ll then learn that dependency checks should be part of a dependency management strategy to keep applications up to date and reduce security risks and technical debt.
Read Post
mend

More than 100K sites impacted by Polyfill supply chain attack

Jul 1, 2024 By Tom Abai In Mend
Polyfill.js is a popular open-source project that provides modern functionality on older browsers that do not support it natively; users embed it using the cdn.polyfill.io domain. On February 24, 2024, a Chinese company named Funnull acquired both the domain and the Github account. Following that acquisition, the developer, Andrew Betts, tweeted on his X account a warning for all of his service’s users urging them to remove any reference to polyfill from their code.
Read Post
mend

Dependency Management vs Dependency Updates: What's the Difference?

Jun 26, 2024 By AJ Starita In Mend
It’s not uncommon to hear people refer to updating dependencies as “dependency management”. They’re not wrong; keeping dependencies up to date is a big part of dependency management, but it’s not everything. Read on to learn more about the differences between the two.
Read Post
mend

Hallucinated Packages, Malicious AI Models, and Insecure AI-Generated Code

Jun 20, 2024 By AJ Starita In Mend
AI promises many advantages when it comes to application development. But it’s also giving threat actors plenty of advantages, too. It’s always important to remember that AI models can produce a lot of garbage that is really convincing—and so can attackers. “Dark” AI models can be used to purposely write malicious code, but in this blog, we’ll discuss three other distinct ways using AI models can lead to attacks.
Read Post
mend

Quick Guide to Popular AI Licenses

Jun 17, 2024 By AJ Starita In Mend
Only about 35 percent of the models on Hugging Face bear any license at all. Of those that do, roughly 60 percent fall under traditional open source licenses. But while the majority of licensed AI models may be open source, some very large projects–including Midjourney, BLOOM, and LLaMa—fall under that remaining 40 percent category. So let’s take a look at some of the top AI model licenses on Hugging Face, including the most popular open source and not-so-open source licenses.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.