Concept: US-based open-source security management company Mend has introduced industry-first automated remediation with the Mend Application Security Platform. It aims to improve AppSec (application security) performance while keeping development timelines unaffected.
Nature of Disruption: The Mend Application Security Platform includes Mend SAST (static application security testing), Mend SCA (software composition analysis), and Mend Supply Chain Defender solutions. Mend SAST allows application developers to rapidly design new applications while maintaining security. Clients can evaluate the recommended code changes and approve or disapprove them using a pull request. The automated remediation feature produces the exact code changes required to resolve code problems. Mend SCA detects open-source vulnerabilities in over 200 languages, frameworks, and development tools. It provides pull requests with automated remediation, enabling developers to update the recommended open-source package with a single click. Mend Supply Chain Defender protects against attacks by stopping malicious packages from being installed before they can affect developers, CI (continuous integration) servers, or production.
Outlook: The application attack surface is growing as a result of DevOps adoption. Organizations are under increased pressure to keep apps secure while still releasing software faster. Mend aims to eliminate the trade-off between security and development timelines. It offers a solution that automates the reduction of the software attack surface while eliminating a majority of the application security workload. As a result, development teams can deliver high-quality, safe code more quickly.