Thursday, January 9, 2025

Veracode Acquires Phylum to Enhance Software Supply Chain Security

Veracode, a global leader in Application Risk Management, announced it has acquired certain assets of Phylum, Inc., including its malicious package analysis, detection and mitigation technology. This acquisition enhances Veracode’s ability to detect and block malicious code embedded in open-source libraries, demonstrating Veracode’s continued investment in its software supply chain risk management capabilities. This provides customers with a more complete view of risks associated with the use of open-source code and strengthens their defenses against emerging threats.

With the cost of software supply chain attacks expected to triple from $46 billion in 2023 to $138 billion by 2031[1], protecting against these risks has become mission critical for organizations. Through Phylum’s innovative technology, Veracode enables customers to proactively prevent attacks by detecting malicious packages and vulnerabilities and blocking them in real time. Furthermore, the addition of a package management firewall and an unmatched database of malicious packages further enhances Veracode’s ability to mitigate emerging software threats before they impact customers.

Ravi Iyer, Chief Product Officer of Veracode, commented: “This acquisition represents a major step forward in Veracode’s mission to be the most complete application risk management platform by significantly expanding our ability to detect, mitigate and remediate risks across the software supply chain. With Phylum’s unmatched database and groundbreaking research proven to detect 60 percent more malicious packages than any other vendor, our customers will gain the confidence to innovate faster knowing their software is protected from evolving threats.”

Veracode detects, prevents and resolves malicious packages

Malicious packages have become a prevalent attack vector in the software supply chain, capable of infecting networks, stealing sensitive information, and enabling remote code execution. Detecting and mitigating these threats is now a critical component of any robust Software Composition Analysis (SCA) solution. Effective tools must go beyond simple detection to isolate and block suspicious packages in real time.

With Phylum’s fully automated malicious code analysis pipeline, Veracode significantly narrows the attacker’s window of opportunity. Newly released packages are analyzed in seconds, helping customers proactively prevent attacks. Recent Phylum research identified nearly half a million malicious packages, including 2,500 targeted malware campaigns specifically targeting industries like finance and cryptocurrencies, demonstrating the scale and sophistication of these threats.

“The convergence of Veracode’s platform and Phylum’s technology to detect and mitigate malicious packages will deliver exceptional value to our customers around the world,” said Aaron Bray, CEO & Co-Founder of Phylum, Inc. “By combining our advanced threat detection capabilities with Veracode’s industry-leading platform, we are expanding the threat landscape across the software supply chain. Together, we can provide greater protection and peace of mind to organizations navigating an increasingly complex threat landscape, and we are thrilled to join the team.”

Phylum’s technology, including its malicious package database and package management firewall, will be integrated into Veracode’s SCA product and is expected to be generally available early this year. The acquisition also strengthens Veracode’s security research team with Phylum experts, further enhancing the company’s ability to protect customers from evolving threats.

SOURCE: Businesswire