WhiteSource Rebrands as Mend, Introduces Industry-First Automated Remediation with the Mend Application Security Platform

Company focuses on automation to dramatically reduce the software attack surface and the application security burden for developers 

TEL AVIV AND BOSTON – May 25, 2022 – WhiteSource, a leader in application security, today announced the change of its name to Mend. The company is also launching the industry’s first automated remediation for custom code security issues as well as integration of Mend Supply Chain Defender (formerly WhiteSource Diffend) in its JFrog Artifactory plugin, all within the Mend Application Security Platform. Mend secures all aspects of your software, providing automated remediation, prevention, and protection from problem to solution versus only detection and suggested fixes. 

With revenue up 800% over the past three years and enterprise net retention at 127% in 2021, the company added 350 new customers in the last year. Mend has over 1,000 customers including more than 25% of the Fortune 100 and is focused on investing its latest round ($75 million series D announced in April 2021) into its overall growth as it expands beyond the Software Composition Analysis (SCA) market. This includes the move into supply chain security through its acquisition of Diffend in April 2021 and the acquisitions of SAST startups Xanitizer and DefenseCode in February this year. The company’s strategic acquisitions and its unique automated remediation technologies have enabled it to deliver the Mend Application Security Platform. Combining automated remediation for static application security testing (SAST) with Mend’s existing ability to do this for software composition analysis (SCA), the platform is the first to automatically find and fix application security holes involving both open source and custom code.

“Attackers are increasingly targeting applications as the weakest link to go after organizations, and at the same time, pressure to deliver software faster has never been higher. Organizations face undeniable tension to do both, better,” said Rami Sass, Co-founder and CEO of Mend. “Mend breaks the tradeoff between security and development delivery timelines by providing a solution that automates the reduction of the software attack surface while removing most of the burden of application security, allowing development teams to deliver quality, secure code, faster.”

Mend’s Automated Remediation for SAST

Offering automated remediation for both open source and custom code, providing exact fixes for each line of code, the Mend Application Security Platform enables any level of developer to easily write quality, secure code. Prior to this advancement, leading application security products could, at best, provide training materials and examples to support developers with researching fixes for each security issue they encountered. This inefficient process forced developers to choose between security and meeting deadlines. The Mend platform delivers automated remediation for both SCA and SAST, presented directly in the developer’s repository, for easy integration into the developer workflow. With Mend, developers don’t have to sacrifice security for speed.

Mend Supply Chain Defender Integration with Artifactory Plug-In

Integration of the Mend Supply Chain Defender — a solution that detects and blocks malicious open source software — into the Mend platform plugin for the Artifactory registry allows enterprise customers using JFrog Artifactory as a private repository manager to prevent malicious open source software from entering their code base. Using a single installation of Supply Chain Defender, enterprises can protect all projects involving JavaScript or Ruby with a centralized policy enforcement and auditing point. All results are displayed for open source and custom code in a custom or third-party code repository for a single view inside the developers’ native environment.

“Whether open-source or proprietary code, the application security industry has mostly focused on vulnerability detection and management. Mend has an interesting approach of automating the remediation of code vulnerabilities,” said Josh Johnson, Manager of Solutions Architecture, Defy Security. “While the company is announcing this new name, as a partner of Mend, we are excited for it to further its commitment to solving code-based security challenges with automated-remediation. Defy Security looks forward to seeing Mend extend automation for closing security gaps.”

Learn more about automated remediation for SAST and the Mend Supply Chain Defender and more details on the story behind the company’s new name, Mend, on our blog.

About Mend.io

Trusted by the world’s leading companies, including IBM, Google, and Comcast, Mend.io offers a full-spectrum application security platform designed to help leading organizations build and manage mature AppSec programs, enabling them to stop chasing vulnerabilities and start proactively managing application risk.