Application security company Veracode announces that it has acquired certain assets from Phylum, which specializes in securing software supply chains. Financial details were not disclosed.
Under the agreement, Veracode will acquire Phylum’s technology for analyzing, detecting, and mitigating malicious packages. This technology should improve Veracode’s ability to identify malicious code in open-source libraries and block it. It also aims to give customers a more comprehensive overview of the risks of using open source code.
Costly attacks on software supply chains
The acquisition comes as attacks on software supply chains become increasingly sophisticated and costly. Global damages are expected to rise from $46 billion in 2023 to $138 billion in 2031. Veracode aims to help organizations identify and block threats in real time by integrating Phylum’s automated malicious code analysis pipeline. This reduces the risk of data breaches and operational disruptions.
Phylum’s technology brings a database of malicious packages and a package management firewall to Veracode’s platform. This aims to strengthen the Software Composition Analysis (SCA) offering. The tools coming to Veracode are designed to provide immediate analysis of newly published packages. Thus, they close the gap between threat identification and mitigation.
Smaller time window for attackers
With Phylum’s fully automated malicious code analysis pipeline, Veracode says it can significantly reduce the time window for attackers. Newly published packages are analyzed within seconds, allowing customers to prevent attacks proactively.
The acquisition includes not only Phylum’s technology but also the experts behind the analysis of malicious packages. The researchers discovered nearly half a million malicious packages, including targeted campaigns against sectors such as finance and cryptocurrency.
Phylum’s technology, including its malicious package database and package management firewall, will be integrated into Veracode’s SCA product. General availability is planned for later this year.