%term

The @Solana/web3.js Incident: Another Wake-Up Call for Supply Chain Security

Dec 5, 2024 By Tom Abai In Mend

On December 2, 2024, the Solana community faced a significant security incident involving the @solana/web3.js npm package, a critical library for developers building on the Solana blockchain with over 450K weekly downloads. This blog post aims to break down the attack flow, explore how it happened, and discuss the importance of supply chain security.

Read Post

Mend

Read more about The @Solana/web3.js Incident: Another Wake-Up Call for Supply Chain Security

Automatic dependency updates have never been easier

Dec 1, 2024 By Mend In Mend

Implementing Mend Renovate Enterprise has never been easier: 24/7 support, dedicated team guidance, and additional features for increased productivity. Book a time with a product specialist to learn more.

View Video

Mend

Read more about Automatic dependency updates have never been easier

CTO vs VP R&D

Nov 28, 2024 By Mend In Mend

Implementing Mend Renovate Enterprise has never been easier: 24/7 support, dedicated team guidance, and additional features for increased productivity.

View Video

Mend

Read more about CTO vs VP R&D

Benefits of VEX for SBOMs

Nov 26, 2024 By Sarah Moglia In Mend

As Software Bill of Materials (SBOMs), become increasingly necessary and in some cases, required by private companies and governments globally, they are meant to provide transparency and help organizations understand what is in their software. But if SBOMs are so helpful, how come nobody knows what to do with them?

Read Post

Mend

Read more about Benefits of VEX for SBOMs

Mend.io is a Strong Performer in the Forrester Wave Software Composition Analysis, Q4 2024

Nov 13, 2024 By Mend.io Communications In Mend

It should be no surprise that the world runs on open source software. According to the latest Forrester Wave Software Composition Analysis Q4 2024 report an “astonishing 77% of codebases are comprised of open-source software.” Since a “considerable amount of an application’s risk is due to third-party sources,” software composition analysis (SCA) tools remain the lifeblood for securing modern applications and bringing greater transparency to the software supply chain.

Read Post

Mend

Read more about Mend.io is a Strong Performer in the Forrester Wave Software Composition Analysis, Q4 2024

Auditing Your Security Program with Roddy Bergeron - Secrets of AppSec Champions Podcast

Nov 12, 2024 By Mend In Mend

Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.

View Video

Mend

Read more about Auditing Your Security Program with Roddy Bergeron - Secrets of AppSec Champions Podcast

OWASP Top 10 LLM is Dead: Here's Why

Nov 11, 2024 By Mend In Mend

The OWASP Top 10 for LLMs is getting an update! But is v2 going to be significantly different from v1? Check out Bar-El Tayouri's take on what's new in v2 and how it impacts hashtag#GenAI security.

View Video

Mend

Read more about OWASP Top 10 LLM is Dead: Here's Why

How to import SBOMs with Mend.io

Oct 31, 2024 By Mend In Mend

Mend.io allows users to import previously generated SBOMs to create a new project within the application. Once imported, licensing and vulnerability data will be associated with your project’s dependencies and will be regularly monitored for updates and new vulnerabilities, similar to any other project in the application.

View Video

Mend

Read more about How to import SBOMs with Mend.io

Stress, Certification, and Pen Testing: Nathaniel Shere's Journey - Secrets of AppSec Champions

Oct 29, 2024 By Mend In Mend

Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.

View Video

Mend

Read more about Stress, Certification, and Pen Testing: Nathaniel Shere's Journey - Secrets of AppSec Champions

All About RAG: What It Is and How to Keep It Secure

Oct 24, 2024 By Bar-El Tayouri In Mend

AI is growing in power and scope and many organizations have moved on from “simply” training models. In this blog, we will cover a common system of LLM use called Retrieval-Augmented Generation (RAG). RAG adds some extra steps to typical use of a large language model (LLM) so that instead of working off just the prompt and its training data, the LLM has additional, usually more up-to-date, data “fresh in mind”.

Read Post

Mend

Read more about All About RAG: What It Is and How to Keep It Secure

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The @Solana/web3.js Incident: Another Wake-Up Call for Supply Chain Security

Automatic dependency updates have never been easier

CTO vs VP R&D

Benefits of VEX for SBOMs

Mend.io is a Strong Performer in the Forrester Wave Software Composition Analysis, Q4 2024

Auditing Your Security Program with Roddy Bergeron - Secrets of AppSec Champions Podcast

OWASP Top 10 LLM is Dead: Here's Why

How to import SBOMs with Mend.io

Stress, Certification, and Pen Testing: Nathaniel Shere's Journey - Secrets of AppSec Champions

All About RAG: What It Is and How to Keep It Secure

Monthly Archive

Follow Us