Case Study: MSCI achieves Spring4Shell remediation in hours with Mend

Mend Helps MSCI Address Spring4Shell in Hours

MSCI, a leading provider of research, data and technology for the global investment community, had already modernized its software delivery with DevOps and standardized on Mend SCA and Mend Renovate across thousands of projects and hundreds of repositories. When Spring4Shell (CVE-2022-22965) was disclosed on March 31, 2022, MSCI’s challenge was to quickly identify affected applications and remediate vulnerabilities at DevOps speed without disrupting developer workflows.

By leveraging Mend’s automated scans integrated with Jira/email alerts and Renovate’s automated pull requests, MSCI achieved situational awareness within hours and applied mitigations and fixes rapidly. Teams with automated testing closed issues fastest, and overall the organization remediated the vulnerability “in a matter of hours,” demonstrating how integrated, invisible security automation enabled fast, scalable response across the company.

MSCI

Chris Taylor

Executive Director of Cyber Security