Phylum takes a step further to fulfill its mission to protect the software supply chains


Phylum, a software supply chain security company, has raised $15 million in Series A funding today. ClearSky is leading the round, with contributions from Atlassian Ventures, FirstIn, and industry-specific funds.

Various enterprises are experimenting with standardized and well-defined solutions that may be used as a reference for development teams. One of these companies is Phylum.

Aaron Bray, Louis Lang, and Peter Morgan identified the increase in open-source adoption and the associated hazards in the software supply chain, and established Phylum in 2020. The group founded Phylum with the primary aim of addressing the issues that traditional approaches leave unsolved.

ClearSky and Atlassian are joining our mission to protect the open-source ecosystem, so organizations may continue to utilize open-source software's advantages quickly and efficiently, according to Peter Morgan, the cofounder and president of Phylum.

Modern software development

The combination of open source and DevOps allows for the automated use of untrusted software via dependencies from unknown authors on the internet. This makes it more difficult for security teams to manage risk simultaneously.

The process of ensuring security quality in modern software development must undergo significant changes. Security specialists must shift their attention from features to individual changes to fit the development methodology. This transition may lead to higher security quality through regular feedback and improved compliance enforcement.

Phylum simplifies the identification of packages by analyzing supply chain risk and sorting it into five categories: malicious code, vulnerability, license, author, and engineering danger.

Phylum ingests and analyzes each package in an average time of 11 minutes, automating risk analysis and malware detection in order to convict harmful packages. This method allows for the monthly classification and eradication of hundreds of unknown harmful packages.

The rise in supply chain component hacking has underscored the need to focus on more than just known software vulnerabilities. According to Patrick Heim, development and security teams need proactive risk management tools to enable them to detect compromised packages before they're included in mission-critical applications.

Future projections

Phylum's clients are continuing to strengthen their DevSecOps missions with the release of version 2 of the platform.

Phylum's solution can be used by technology teams to fight the growing number of threats in the software supply chain. We are looking forward to seeing how Phylum will benefit our 200,000+ Atlassian cloud clients, allowing them to focus on their work rather than worrying about security concerns. According to Matt Sonefeldt, the head of Atlassian Ventures, Phylum has gained a lot of ground.
