
Mend.io Helps Yahoo Empower Developers and Build Enterprise-Wide Open Source Security


HIGHLIGHTS:

  • Quickly locate libraries, allowing for a proactive response to vulnerabilities before they were exploitable.
  • Automated pull requests are a game changer…enables quick remediation without disrupting development.
  • Mend.io’s on-site support during implementation… ‘second to none’ and… the deployment went smoothly.

The Challenge

Efficiently managing the extensive use of open source components and mitigating their security risks presented a hurdle for Yahoo. “We did not have a single view of, and solution for, all our open-source and associated risk across the organization,” said Chris Madden, Distinguished Technical Security Engineer at Yahoo. This led Yahoo to seek a more efficient process for addressing security incidents at scale.

Yahoo aimed to build an enterprise-level solution with features such as automatic pull requests for remediation and comprehensive support for open source compliance. These improvements would streamline development workflows, enforce consistent security policies, and proactively address vulnerabilities faster.

The Solution

Yahoo found the answer in Mend SCA. Mend.io’s ability to scale to Yahoo’s enterprise size and provide a comprehensive view of all open source components and associated risks proved crucial to Yahoo’s decision to implement Mend.io into their GitHub Enterprise environment.

Madden stated that Yahoo software engineers found the automated pull requests to be a “game changer,” as they are customizable to the developer experience and enable quick remediation without disrupting development. He also emphasized the ability to quickly locate libraries, allowing for a proactive response to vulnerabilities before they were exploitable. Additionally, Madden praised Mend.io’s on-site support during implementation, calling it “second to none” and noting that the deployment went smoothly.


The Results

Mend.io has helped transform Yahoo’s security. “Mend SCA allows us to use OSS safely and securely,” Madden said. “SCA vendors are typically strong on compliance or vulnerability, but there are very few vendors that are strong on both. Mend.io is one of them.” The ability to quickly address vulnerabilities across their entire software portfolio has greatly reduced Yahoo’s risks.

As Madden noted, Mend SCA helps the company use resources more efficiently, allowing them to focus more on growth, profitability, and innovation. “If we look at the number of PRs created by Mend SCA that were merged and compare that to the cost of developers doing that manually, then we have saved considerable developer time,” he said.


About Yahoo

A global media and technology company with several thousand employees, Yahoo maintains a portfolio of iconic products and is prolific in open-source projects.