CyberSecurity SEE

Veracode Acquires Package Analysis Technology From Phylum

Veracode, a leading application security company, recently acquired key technology assets from Phylum, a startup specializing in software supply chain security. The deal covers Phylum’s malicious package analysis, detection, and mitigation technology, and brings over some of Phylum’s staff who are experts in package analysis. These assets will bolster Veracode’s ability to identify and block malicious code within open source libraries, giving customers a more comprehensive understanding of the risks of using open source code. The newly acquired staff members will join Veracode’s security research team.

The timing of this technology deal is crucial, particularly as organizations are becoming increasingly concerned about the vulnerabilities present in open source code. According to Gartner, the damages from software supply chain attacks are projected to skyrocket from $46 billion in 2023 to a staggering $138 billion by 2031. This acquisition by Veracode demonstrates a proactive approach to addressing these evolving threats in the software landscape.

Phylum, founded in 2020, has built a strong reputation for its innovative technologies focused on analyzing, detecting, and mitigating malicious software packages. Their tools offer real-time analysis of newly published packages, enabling organizations to swiftly identify and block potential threats. Back in 2022, Phylum gained recognition by winning Black Hat’s first Innovation Spotlight competition. Co-founder Peter Morgan described package analysis as a method of assessing risk indicators to create a “credit score for packages.”

Recent research conducted by Phylum uncovered almost half a million malicious packages, including targeted campaigns aimed at finance and cryptocurrency companies. This highlights the critical role that advanced security solutions play in safeguarding organizations from sophisticated cyber threats.

Veracode’s platform is widely used by organizations to scan code, understand exploitable risks, identify and address vulnerabilities, and minimize security debt. By integrating Phylum’s technology into their ecosystem, Veracode can significantly reduce the attack window for customers by enhancing the speed at which malicious packages are detected within their applications.

The integration of Phylum’s malicious package database and package management firewall into Veracode’s Software Composition Analysis product is expected to be completed early this year, with the goal of providing customers with enhanced protection against evolving threats. Ravi Iyer, Veracode’s chief product officer, expressed confidence in the benefits of this acquisition, stating, “With Phylum’s unmatched database and cutting-edge research—proven to detect 60 percent more malicious packages than any other vendor—our customers will gain the confidence to innovate faster, knowing their software is protected against evolving threats.”

While the financial terms of the transaction were not disclosed by Veracode, the strategic importance of this acquisition in enhancing their security capabilities is undeniable. As the threat landscape continues to evolve, companies must stay vigilant and proactive in adopting advanced security solutions to protect their digital assets and maintain the trust of their customers.
