Summary: Veracode has acquired technology assets from Phylum to enhance its capabilities in detecting and mitigating malicious code in open source libraries. This acquisition aims to address the growing concerns over vulnerabilities in software supply chains, particularly as damages from such attacks are projected to rise significantly in the coming years.
Threat Actor: N/A | malicious packages
Victim: Organizations using open source code
Key Points:
- Veracode acquired Phylum’s malicious package analysis technology and some staff to enhance its security offerings.
- The integration of Phylum’s technology into Veracode’s platform is expected to significantly reduce the attack window for malicious packages.
- Phylum’s research has identified nearly half a million malicious packages, highlighting the risks in software supply chains.
- Gartner projects that damages from software supply chain attacks will increase from $46 billion in 2023 to $138 billion by 2031.
- Veracode’s enhanced capabilities will allow customers to innovate faster while ensuring their software is protected against evolving threats.
Source: https://www.darkreading.com/application-security/veracode-buys-package-analysis-technology-phylum