Welcome to our blog

Get the latest insights from our team & community.


  • Technical

Spark and Rust - How to Build Fast, Distributed and Flexible Analytics Pipelines with Side Effects

Apache Spark is a powerful piece of software that has enabled Phylum to build and run complex analytics and models over a big data lake comprised of data from popular programming language ecosystems.

Andrea Venuta, Senior Software Engineer - October 7, 2021
  • Software Supply Chain Security

A spooky occurrence in the open-source ecosystem: Hacktoberfest 2020

One of the things that excites me about the open-source software ecosystem is entirely outside the technical components of code and computation. Instead, as someone whose PhD was focused on behavior...

Chris Tokita, Data Scientist - September 30, 2021
  • Software Supply Chain Security

Vulnerability Reporting Has Fallen Behind

There has been an explosion in new software over the past 3-10 years. The amount of new software released and the number of new software developers entering the job market has increased dramatically....

Aaron Bray, CEO - September 28, 2021
  • Product Release

Phylum Launches Ruby, Python, and new UI/UX

We recently launched a major redesign of the product and rolled out new languages, including Ruby and Python.

Aaron Bray, CEO - September 16, 2021
  • Technical

What Is "Abandonware" and Is It a Security Risk?

The open-source ecosystem is vast and replete with projects at all stages of development. There are nascent projects that are just getting started and toy projects that were never really intended for...

Eric Freitag, Chief Engineer - September 9, 2021
  • Technical

Design Matters: How We Created Phylum’s Risk Score for Open-Source Packages

Generating meaningful scores for open-source packages is extremely complex. Effective scoring for risk and reputation needs to incorporate disparate pieces of information while also accounting for...

Aaron Bray, CEO - August 31, 2021
  • Technical

Detecting Potential Bad Actors in GitHub

The vast open-source software ecosystem contains millions of packages and tens of millions of contributing authors. This is both the strength and the weakness of open-source software: its...

Chris Tokita, Data Scientist - August 27, 2021
  • Software Supply Chain Security

Your Developer Workforce is Larger Than You Think

Do you trust your developers?

Aaron Bray, CEO - May 18, 2021
  • Software Supply Chain Security

Build System and Version Control Compromises - the New Normal

While SolarWinds made headlines within the last few months for the sheer scope of impact, a sharp uptick in build and version control system compromises have followed in the intervening months,...

Aaron Bray, CEO - April 25, 2021
  • Software Supply Chain Security

What the History of Software Supply Chain Attacks Says About Today’s Risk

Despite attracting major media attention in the wake of the recent SolarWinds breach, software supply chain attacks are not a new concept. In this post, we take a look at the last forty years and...

Aaron Bray, CEO - April 21, 2021