Highlights:

  • Phylum’s tech adds an advanced malicious-package database and firewall to Veracode’s Software Composition Analysis platform.
  • Phylum’s technology, including its malicious package database and firewall, will be integrated into Veracode’s SCA product, with availability expected later this year.

Recently, Veracode Inc., an application security company, acquired Phylum Inc., a software supply chain security firm, for an undisclosed amount.

As part of the agreement, Veracode is acquiring Phylum’s technology for analyzing, detecting, and mitigating malicious packages. This technology will be integrated to strengthen Veracode’s capability to identify and block malicious code in open-source libraries, providing customers with a more comprehensive understanding of the risks tied to open-source code usage.

The acquisition comes amid the growing sophistication and cost of software supply chain attacks, with global damages projected to increase from USD 46 billion in 2023 to USD 138 billion by 2031. By incorporating Phylum’s automated malicious code analysis pipeline, Veracode aims to help organizations detect and block threats in real time, mitigating the risk of data breaches and operational disruptions.

Phylum’s technology enhances Veracode’s platform with an advanced malicious-package database and a package management firewall, bolstering its Software Composition Analysis capabilities. These tools are designed to deliver real-time analysis of newly published packages, bridging the gap between threat detection and mitigation.

Veracode states that, with Phylum’s fully automated malicious code analysis pipeline, it can drastically reduce the window of opportunity for attackers. Newly published packages are analyzed in seconds, enabling customers to proactively prevent potential attacks.

The acquisition includes not only Phylum’s technology but also the experts behind its malicious package analysis. The incoming researchers have identified nearly half a million malicious packages, including targeted campaigns against industries like finance and cryptocurrency. Their expertise will enhance Veracode’s efforts to provide industry-leading solutions for application risk management.

“Uniting Veracode’s platform and Phylum’s malicious package detection and mitigation technology creates exceptional value for our customers worldwide. By combining our advanced research capabilities with Veracode’s industry-leading platform, we’re expanding the fight against software supply chain threats,” said Aaron Bray, Co-founder and Chief Executive of Phylum.

Phylum’s technology, including its malicious package database and package management firewall, is set to be integrated into Veracode’s SCA product, with general availability anticipated later this year.