Veracode, a leader in application risk management, announced it acquired certain assets of Phylum, including its malicious package analysis, detection, and mitigation technology. This acquisition enhances Veracode’s ability to identify and block malicious code in open-source libraries, marking continued investment in its software supply chain risk management capabilities. This gives customers a more comprehensive view of risks associated with open-source code usage, strengthening their defenses against emerging threats.

With the cost of software supply chain attacks projected to triple over the next few years, safeguarding against these risks is now mission-critical for organizations. Through Phylum’s technology, Veracode enables customers to prevent attacks proactively by identifying and blocking malicious packages and vulnerable dependencies in real time. Adding a package management firewall and an unmatched malicious package database further strengthens Veracode’s ability to mitigate emerging software threats before they reach customers.

Malicious packages have become a prevalent attack vector against the software supply chain: they can infect networks, steal sensitive data, and enable remote code execution. Identifying and mitigating these threats is now a critical component of any robust software composition analysis (SCA) solution, and effective tools must go beyond detection to quarantine and block suspicious packages in real time.

Through Phylum’s fully automated malicious code analysis pipeline, Veracode significantly shortens the window of opportunity for attackers. Newly published packages are analyzed within seconds, helping customers proactively prevent attacks. Phylum’s recent research identified nearly half a million malicious packages, including 2,500 targeted malware campaigns aimed at industries like finance and cryptocurrency, demonstrating the scale and sophistication of these threats.

Phylum’s technology, including its malicious package database and package management firewall, will be integrated into Veracode’s SCA product, with general availability expected early this year. The acquisition also bolsters Veracode’s security research team with Phylum’s experts, further strengthening the company’s ability to protect customers from evolving threats.

KEY QUOTES:

“This acquisition advances Veracode’s mission to be the most comprehensive application risk management platform by significantly expanding our ability to identify, mitigate, and remediate risks across the software supply chain. With Phylum’s unmatched database and cutting-edge research—proven to detect 60 percent more malicious packages than any other vendor—our customers will gain the confidence to innovate faster, knowing their software is protected against evolving threats.”

– Ravi Iyer, Chief Product Officer at Veracode

“Uniting Veracode’s platform and Phylum’s malicious package detection and mitigation technology creates exceptional value for our customers worldwide. By combining our advanced research capabilities with Veracode’s industry-leading platform, we’re expanding the fight against software supply chain threats. Together, we will deliver even greater protection and peace of mind to organizations navigating an increasingly complex threat landscape, and we are excited to join the team.”

– Aaron Bray, CEO & Co-founder of Phylum
