Phylum Releases a Free Community Edition to Make Software Supply Chain Security More Accessible

EVERGREEN, Colo., Aug. 4, 2022 /PRNewswire/ — Phylum, The Software Supply Chain Security Company, announces the release of its free Phylum Community Edition to expand the standard in supply chain security risk analysis to everyone.

Users can quickly understand valuable risk insights based on our unique approach to defending the software supply chain.

The free Phylum Community Edition allows any user to identify open-source risks across five domains with deductive analysis that is integrated into every stage of a build. Available immediately, users can:

— Sign up for a free, individual account here

— Work on up to five projects at a time

— Join the Phylum slack community to collaborate with other developers and security professionals

— Get exclusive access to future beta features

— Contribute feedback to the product

— Access community support

“We’re excited to get Phylum in the hands of security engineers and developers around the world. Supply chain attacks are just getting started, and users need the ability to identify risk across the entire OSS supply chain attack surface. With the Phylum Community Edition, users can quickly understand valuable risk insights based on our unique approach to defending the software supply chain,” said Peter Morgan, co-founder and president of Phylum.

The Phylum Risk Framework

Phylum’s proactive approach to analyzing the risk inherent within the software supply chain is built from years of research and observation.

Instead of taking a retrospective approach by analyzing incidents after they occur, Phylum starts by consuming all available information about open-source packages and structuring the data in a consistent format for analysis. Layers of analytics, heuristics, and ML models then comb through the data to find risk indicators. Deductive analysis is then applied to account for the entire context around each indicator, and identified risks are prioritized based on the risk tolerance criteria set by the organization.

This allows Phylum to effectively surface and prioritize meaningful issues before an incident occurs, in a manner that does not overwhelm security teams. These risks can then be addressed before leading to compromise, outages, service degradation at runtime or legal liability.

“Given the large volume of components involved in the development of modern software, surfacing meaningful findings becomes critically important — as does accurately prioritizing issues. Phylum defines the attack surface and conducts the deductive analysis, and users define risk tolerance based on project needs. This combination results in a significantly reduced attack surface, and categorized risk prioritized by business objective,” said Brad Crawford, vice president of product at Phylum and co-author of the MITRE ATT&CK Framework.

The Phylum Risk Framework is the standard in software supply chain security, defined by the following categories: Malicious Code, Software Vulnerabilities, Authorship Risk, Reputation, License Misuse and Engineering Risk.

Get the Phylum Community Edition here.

Phylum will be at Black Hat 2022 in Innovation City, booth #IC53. To meet up at the event, request a meeting here.

About Phylum

Phylum is the Software Supply Chain Company, on a mission to secure the universe of code. Developers and security professionals use Phylum to identify open-source risks across five domains using deductive analysis that is integrated into every stage of a build. The company is built by a team of career security researchers and developers with decades of experience in the US Intelligence Community and commercial sectors. Learn more at https://phylum.io, read The Phylum Research Blog, and follow us on LinkedIn and Twitter.

SOURCE: Phylum
