Mend (formerly WhiteSource Software)

Additional Info

Company size (employees): 100 to 499
Headquarters Region: North America


Over the years, Mend has transformed as a company, evolving in lockstep with the ever-changing application security landscape. With legacy appsec solutions focused on detecting vulnerabilities with no guidance for resolving them, developer and security teams need a proactive approach with automated appsec baked into the development lifecycle.

Founders Rami Sass, Ron Rymon, and Azi Cohen set out in 2008 with a mission to automate all tasks surrounding the use and security of open-source software, pioneering the software composition analysis (SCA) market before it even had a name. They founded WhiteSource Software in 2011 with the goal of helping companies with their open-source licensing, security, and reporting. Through the years, the company has compiled a very extensive crowdsourced database, which provides information on what other people are doing with vulnerable open-source dependencies. Shifting its focus based on changing market needs, the company moved into supply chain security through its acquisition of Diffend in 2021, and later acquired static application security testing (SAST) startups Xanitizer and DefenseCode to secure entire codebases.

In May 2022, the company rebranded to Mend with a renewed focus on centering appsec on fixing, enabling enterprises to secure their proprietary and open-source code in an automated, remediation-centric way so developers can spend their time on adding business value. With this rebrand came the launch of the Mend Application Security Platform, the industry’s first automated remediation for custom code security issues.

With the platform, developers are equipped with capabilities that go beyond vulnerability detection: they can see in real time, in their native environment, exactly how to fix code word-for-word, reducing application security risk without impacting demanding deadlines. Mend’s rebrand also reflects the company’s commitment to reducing the friction that exists between developer and security teams, providing the tools they need to collaborate more effectively.

How we are different

- Traditional application security products force developers to choose between security and meeting deadlines. The Mend Application Security platform delivers automated remediation for both SCA and SAST, presented directly in the developer’s environment, reducing remediation time by 80 percent. With a cloud architecture that scales to support unlimited apps, developers, and repositories, Mend fits seamlessly, almost invisibly, into developers’ native workflow for maximum ease of use.
- Mend is built on the most comprehensive vulnerability database in the industry, the Mend Vulnerability Database, providing the widest coverage for threats and attack vectors. This provides developers with all the information they need to find, fix, and address open source vulnerabilities. The database covers over 200 programming languages and over 3 million open source components, aggregating information from a variety of sources including the National Vulnerability Database (NVD), security advisories, and open source project issue trackers, multiple times a day.
- In the last three years, Mend has witnessed a fivefold increase in customers and an 800 percent growth in revenue as the company meets an enormous demand across organizations. Mend saw enterprise net retention at 127 percent in 2021 while also adding 350 new customers last year. Mend has over 1,000 customers, including Microsoft, IBM, Comcast, Philips, and more than 25 percent of the Fortune 100.