Mend

Mend.io, originally founded as WhiteSource in 2011 by Rami Sass, Ron Rymon, and Azi Cohen, operates in the application security (AppSec) market. The company rebranded in May 2022 to better reflect its expanded mission of not just identifying but actively mending security vulnerabilities. This strategic shift was underscored by acquisitions of companies like DefenseCode, Xanitizer, and Diffend, which broadened its capabilities from its initial focus on software composition analysis (SCA) to include static application security testing (SAST) and supply chain security.

The firm's core offering is an AI-native Application Security Platform, provided as a software-as-a-service (SaaS) solution. This platform is designed to serve both development and security teams within enterprises, including 25% of the Fortune 100. The business model is based on a single subscription price for its suite of tools, with pricing determined by the number of contributing developers rather than per-module costs. This approach aims to simplify security management and encourage widespread adoption across an organization.

The platform integrates several key products. Mend SCA focuses on managing open-source software risks by detecting vulnerabilities and license compliance issues. Mend SAST analyzes custom code for security weaknesses, while Mend Renovate automates dependency updates to reduce security debt. More recently, the company has expanded into securing AI-powered development, with tools to manage risks in AI-generated code, models, and components. The platform provides automated remediation, offering exact code fixes and prioritizing alerts to help developers address the most critical issues efficiently, reportedly reducing remediation time by as much as 80%.

Headquartered in Tel Aviv, Israel, and Boston, Massachusetts, Mend.io has secured significant funding to fuel its growth, with a total of approximately $121 million raised. A key funding event was a $75 million Series D round in April 2021. The company's strategy involves unifying various security testing tools into a single, cohesive platform, thereby reducing tool complexity and providing holistic coverage across the software development lifecycle, from custom code and open source to containers and AI components.

Keywords: application security, AppSec, software composition analysis, static application security testing, open source security, automated remediation, vulnerability management, AI security, dependency management, DevSecOps