SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

Veracode acquires Phylum's tech to tackle software threats

Yesterday

Veracode has acquired Phylum's technology to strengthen its capacity to detect and mitigate malicious code in open-source software. This move addresses the rising threat of software supply chain attacks.

The acquisition enhances Veracode's application risk management platform by integrating Phylum's automated analysis pipeline and package management firewall. This integration will enable Veracode to provide real-time detection and block suspicious packages. The move is part of Veracode's broader effort to manage risks associated with the use of open-source code, as software supply chain attacks are projected to increase significantly in cost, from USD $46 billion in 2023 to USD $138 billion by 2031.

Ravi Iyer, Veracode's Chief Product Officer, stated, "This acquisition advances Veracode's mission to be the most comprehensive application risk management platform by significantly expanding our ability to identify, mitigate, and remediate risks across the software supply chain. With Phylum's unmatched database and cutting-edge research—proven to detect 60% more malicious packages than any other vendor—our customers will gain the confidence to innovate faster, knowing their software is protected against evolving threats."

The acquisition underscores the importance of robust software composition analysis (SCA) solutions that go beyond detection by quarantining and blocking suspicious packages in real time. Phylum's research in malicious package detection, having identified nearly half a million malicious packages, highlights the prevalent threat. Key targets include industries such as finance and cryptocurrency, underscoring the scale and sophistication of ongoing threats.

Aaron Bray, CEO and Co-founder of Phylum, expressed enthusiasm about the acquisition: "Uniting Veracode's platform and Phylum's malicious package detection and mitigation technology creates exceptional value for our customers worldwide. By combining our advanced research capabilities with Veracode's industry-leading platform, we're expanding the fight against software supply chain threats. Together, we will deliver even greater protection and peace of mind to organizations navigating an increasingly complex threat landscape, and we are excited to join the team."

The integration of Phylum's technology into Veracode's SCA product is expected to be generally available early this year. The acquisition adds significant capabilities to Veracode's product suite and bolsters its security research team with Phylum's experts, further elevating Veracode's capacity to protect against evolving threats.
