Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Mend

Container Images - Code Source

Mend for GitHub.com Code Source provides a streamlined and highly effective approach to tracing vulnerabilities back to their source code in repositories. Mend’s proprietary labeling achieves this by adding the source repository URL and the Dockerfile path to your Dockerfile using OCI annotations, saving you time in researching risks detected on your built container images.

Adversaries Are Using Automation. Software Vendors Must Catch Up

We won’t start yet another blog yammering about how bad the consequences of an attack are. There’s a lot on the line, including both financial and reputational losses. You get it. We get it. Cybercriminals definitely get it. Another thing cybercriminals get is automation. Attacks are up and their rise is expected to continue, in no small part due to the fact that attackers are using automation to scale their criminal enterprises.

The CISO's Guide to AppSec Innovation

Threat actors operate by an ironclad rule: If it’s important to businesses, it’s important to them. And they certainly understand the crucial business role of applications. Applications are now the number one attack vector, while software supply chain attacks increased 650 percent in a year. Clearly, if you don’t already have a modern application security program that can support today’s digital world, you need to build one.

Securing the Software Supply Chain: Key Findings From the Mend Open Source Risk Report

Open source vulnerabilities are in permanent growth mode. A significant quarterly increase in the number of malicious packages published in registries such as npm and rubygems have shown the increasing need to protect against this trending attack. At the same time, companies struggle to close the remediation gap on known vulnerable open source code. It’s all in The Mend Open Source Risk Report, which details these and other significant risks posed by the ongoing rise in open source vulnerabilities and software supply chain attacks.

Operationalizing DevSecOps Roundtable

DevSecOps best practices are increasingly being adopted to better secure software supply chains. The challenge, though, is finding ways to operationalize these processes so they’re seamless and development and deployment don’t slow down. Join Shiri Arad Ivtsan, Senior Director of Product Management – Mend.io, in this editorial roundtable as these experts explore the challenges DevOps teams and developers face in operationalizing security into their workflows and processes, what’s taking so long to do so and how AI and automation can help.

Malicious Packages Special Report - Attacks Move Beyond Vulnerabilities

Threat actors are after our sensitive data. In 2023, the number of malicious packages published to Node Package Manager (npm) and RubyGems ballooned 315% compared to 2021, and 85% of malicious packages discovered in existing applications were capable of exfiltration – meaning they could cause an unauthorized transmission of information. Software packages containing malicious code are a growing threat, and they may have unknowingly infiltrated your applications.

AWS and Mend.io Webinar: Five Principles of Modern Application Security Programs

Organizations of all kinds are experiencing increasing volumes, frequency, and severity of cyberattacks. 71% of IT and security leaders say that their portfolio of applications has become more vulnerable in the last year alone, and cybercrime is expected to cost companies worldwide around $10.5 trillion annually by 2025. To fight this trend, organizations need a resilient AppSec strategy that can reinforce trust, reliability, and security when faced with adverse conditions.

How Supply Chain Attacks Work - And What You Can Do to Stop Them

Supply chain attacks made headlines in 2022, sending shockwaves through the industry as security and business leaders scrambled to reexamine the security of their own supply chains. In this webinar, experts talk through the stages of a supply chain attack and the different types of attacks to look for. You will also learn what tools and strategies you can start using immediately to assess your own supply chain security and put defenses in place to keep your supply chain protected.

Communicating the Value of Your Company With SBOMs

A Software Bill of Materials (SBOM) is a detailed, machine-readable, nested list of all of the third-party components and their dependencies that compose a modern software product. SBOMs have particular importance in the health, finance, critical infrastructure, and military sectors, and in mergers and acquisitions, but all industries and applications can benefit from them. SBOMs have been around for over a decade but they’ve gained serious traction in the wake of the SolarWinds breach.

Software Supply Chain Security: The Basics and Four Critical Best Practices

Modern enterprise software is typically composed of some custom code and an increasing amount of third-party components, both closed and open source. These third-party components themselves very often get some of their functionality from other third-party components. The totality of all of the vendors and repositories from which these components (and their dependencies) come make up a large part of the software supply chain.