Veracode announced it has acquired certain assets of Phylum, Inc., including its malicious package analysis, detection, and mitigation technology. The acquisition enhances Veracode's ability to identify and block malicious code in open-source libraries, marking continued investment in its software supply chain risk management capabilities. This gives customers a more comprehensive view of the risks associated with open-source code usage, strengthening their defenses against emerging threats.
With software supply chain attacks projected to triple in cost from $46 billion in 2023 to $138 billion by 2031¹, safeguarding against these risks is now mission-critical for organizations. Through Phylum's innovative technology, Veracode empowers customers to proactively prevent attacks by identifying and blocking malicious packages and vulnerabilities in real time. The addition of a package management firewall and an unmatched malicious package database further strengthens Veracode's ability to mitigate emerging software threats before they impact customers.
Ravi Iyer, Chief Product Officer at Veracode, said, "This acquisition advances Veracode's mission to be the most comprehensive application risk management platform by significantly expanding our ability to identify, mitigate, and remediate risks across the software supply chain. With Phylum's unmatched database and cutting-edge research (proven to detect 60 percent more malicious packages than any other vendor), our customers will gain the confidence to innovate faster, knowing their software is protected against evolving threats."
Veracode Prevents, Detects and Fixes Malicious Packages
Malicious packages have become a prevalent attack vector in the software supply chain, capable of infecting networks, stealing sensitive information, and enabling remote code execution. Identifying and mitigating these threats is now a critical component of any robust software composition analysis (SCA) solution. Effective tools must go beyond detection to quarantine and block suspicious packages in real time.
With Phylum's fully automated malicious code analysis pipeline, Veracode significantly shortens the window of opportunity for attackers. Newly published packages are analyzed within seconds, helping customers proactively prevent attacks. Phylum's recent research identified nearly half a million malicious packages, including 2,500 targeted malware campaigns aimed at industries like finance and cryptocurrency, demonstrating the scale and sophistication of these threats.
"Uniting Veracode's platform and Phylum's malicious package detection and mitigation technology creates exceptional value for our customers worldwide," said Aaron Bray, CEO & Co-founder of Phylum, Inc. "By combining our advanced research capabilities with Veracode's industry-leading platform, we're expanding the fight against software supply chain threats. Together, we will deliver even greater protection and peace of mind to organizations navigating an increasingly complex threat landscape, and we are excited to join the team."
Phylum's technology, including its malicious package database and package management firewall, will be integrated into Veracode's SCA product, with general availability expected early this year. The acquisition also bolsters Veracode's renowned security research team with Phylum's experts, further elevating the company's ability to protect customers from evolving threats.