The rise of emerging open-source threats presents a growing risk to organizations as attackers increasingly exploit vulnerabilities in widely used libraries, frameworks, and tools. In fact, most Software Composition Analysis (SCA) tools on the market today are unable to keep up with the volume of new overtly malicious activities in the open-source ecosystem.
To address this critical threat, I’m excited to announce Veracode’s acquisition of Phylum Inc.’s technology to advance our capabilities in securing software supply chains. The addition of Phylum will strengthen the market’s ability to combat these threats through the advanced detection and mitigation of malicious packages in open-source libraries.
Software teams’ reliance on open-source libraries, together with the threats targeting those libraries, makes detecting and blocking malicious packages more critical than ever. Malicious packages often contain code designed to extract sensitive information such as credentials, API…