WhiteSource is Now Mend: You Code, We Cure
Table of Contents
In 2011, my co-founders Azi Cohen, Ron Rymon, and I founded WhiteSource with a mission to automate all tasks surrounding the use and security of open source software. We were pioneering the software composition analysis market before it had a name. Over the years, we’ve evolved to offer more value to our customers beyond our founding purpose. Most recently, we’ve moved into supply chain security through our acquisition of Diffend in April 2021 and with the acquisitions of SAST startups Xanitizer and DefenseCode in February this year, we’re now securing both open source software and proprietary code.
Today, we’re announcing a new brand identity to better reflect the transformation of our company and our focus on the detection, automated remediation, and prevention of application security issues: WhiteSource is now Mend.
Alongside our brand evolution, we’ve announced that we extended our unique automated remediation capabilities beyond open source code to to provide the industry’s first automated remediation for custom code security issues in the Mend Application Security Platform. These changes reflect our pursuit of making application security centered on fixing: enabling enterprises to secure their proprietary and open source code in an automated, remediation-centric way so developers can spend their time creating innovative applications.
Mend makes AppSec all about fixing
The application security industry is stuck.
Far too many companies limit their security practices to detecting vulnerabilities to check off regulatory compliance criteria, often overwhelming developers with the sheer volume of these issues. The industry needs to focus on risk reduction and protecting important data, not bare-minimum compliance. With attacks becoming more sophisticated and frequent, the stakes are too high to limit application security practices to a compliance-centric mindset. Mend takes a lead in this paradigm shift with our automated remediation-first approach for both open source and custom code.
Why did we rename ourselves Mend?
It’s simple: this name best represents what we do.
With Mend, organizations have what they need to go beyond detection and automatically find and close application security holes faster. Developers can see in real time, in their native environment, exactly how to fix – mend – their code, word-for-word, and help their companies reduce application security risk without impacting demanding development deadlines. Just as importantly, Mend helps foster relationships between development and security teams to help these often at-odds job functions to better collaborate. Our new name and appearance are about more than just a “look”, it’s about how we enable organizations to mend the relationships of these teams as they mend their application security.
Developers code. Mend cures.
As a company, we value action and empowerment and aim to carry these priorities through in the products that we bring into the world. We believe that when we remove barriers that hinder innovation – for example, the notion that security and speed are antithetical – teams can do great work.
The future for Mend and Mend customers: Taking AppSec to new heights
We have a proven track record of successfully meeting complex and large-scale application security needs by providing teams with what they need to seamlessly fix vulnerabilities and secure applications. As we grow and evolve our brand, our goal remains the same: remove the burden of application security so developers can effortlessly secure what they create.
Our work towards this vision is continuing to crystalize with automated remediation of security vulnerabilities for SAST and the integration of Mend Supply Chain Defender with its existing JFrog Artifactory plugin, all within the Mend Application Security Platform.
Mend is enabling enterprises to find and fix security issues in not only open source code, but now also custom code using automated remediation. The Mend platform easily integrates into the developer’s workflow to deliver automatic remediation for both SCA and SAST, presented directly in the developer’s repository. Current tools for SAST might provide some education about resolving security holes, but it’s not enough. We are the first to bring automated remediation to custom code security issues. Now, developers and security teams can move from detection and manual processes to automated remediation of application vulnerabilities across their entire codebase.
Integration of Mend Supply Chain Defender, with the Mend platform plugin for JFrog Artifactory further supports enterprises by enabling those using the plug-in as a private repository manager to prevent malicious open source software from entering their code base. Those using Artifactory need to install Supply Chain Defender just once and they can confirm all their projects involving Javascript or Ruby are protected from harmful code with a centralized policy enforcement and auditing point.
We’re excited to expand our automated remediation to SAST, and to be the first in the market to do so. Mend is dedicated to helping security teams and software developers meet their primary goals — security with speed. I’m grateful for the Mend team for its hard work, especially over the last year as we’ve experienced massive growth and demand for our products. And I’m grateful for our more than 1,000 customers and our partners who support taking Mend to new heights.
Starting now, you’ll see our new look incorporated throughout our company and products. If you don’t already, find us on LinkedIn and Twitter to follow our journey as Mend.
You can read additional details about all our updates in the formal announcement.
Learn more about automated remediation for SAST and the Mend Supply Chain Defender.