Veracode, a leader in application security, has bolstered its portfolio by acquiring key technology components from Phylum, a rising startup specializing in software supply chain security. The acquisition includes Phylum’s advanced capabilities for analyzing, detecting, and mitigating malicious software packages, and brings some of Phylum’s expert personnel into Veracode’s security research team.

Enhancing Open Source Security

The integration of Phylum’s technology into Veracode’s platform aims to enhance its ability to detect and neutralize malicious code embedded within open-source libraries. This enhancement is timely, given the rising concerns among organizations about vulnerabilities in open source software. Gartner has highlighted this urgency by predicting that damages from software supply chain attacks could escalate from $46 billion in 2023 to an alarming $138 billion by 2031.

Phylum’s Innovative Approach

Established in 2020, Phylum quickly made a name for itself in the cybersecurity industry with its innovative tools that perform real-time analysis of new software packages. Their cutting-edge technology provides instant insights, aiding organizations in effectively identifying potential threats. Back in 2022, Phylum co-founder Peter Morgan described their approach to package analysis as creating a “credit score for packages,” revolutionizing how risks are assessed. Phylum’s research has uncovered nearly half a million malicious packages, including those targeting financial and cryptocurrency sectors, reflecting the sophistication and prevalence of such threats.

Strategic Integration with Veracode

With Phylum’s technology, Veracode intends to significantly shorten the duration in which organizations are vulnerable to attacks by swiftly identifying malicious packages within applications. The malicious package database and accompanying firewall will be incorporated into Veracode's Software Composition Analysis tool, anticipated to be widely available shortly. Ravi Iyer, Veracode's Chief Product Officer, remarked, "With Phylum’s unparalleled database and pioneering research—demonstrated to identify 60% more malicious packages than competitors—our clients can innovate confidently, assured of their protection against dynamic threats." The financial specifics of Veracode’s deal with Phylum remain undisclosed.
