Welcome to our blog

Get the latest insights from our team & community.


  • Technical

Spark and Rust - How to Build Fast, Distributed and Flexible Analytics Pipelines with Side Effects

Apache Spark is a powerful piece of software that has enabled Phylum to build and run complex analytics and models over a big data lake comprised of data from popular programming language ecosystems.

Andrea Venuta, Senior Software Engineer - October 7, 2021
  • Technical

What Is "Abandonware" and Is It a Security Risk?

The open-source ecosystem is vast and replete with projects at all stages of development. There are nascent projects that are just getting started and toy projects that were never really intended for...

Eric Freitag, Chief Engineer - September 9, 2021
  • Technical

Design Matters: How We Created Phylum’s Risk Score for Open-Source Packages

Generating meaningful scores for open-source packages is extremely complex. Effective scoring for risk and reputation needs to incorporate disparate pieces of information while also accounting for...

Aaron Bray, CEO - August 31, 2021
  • Technical

Detecting Potential Bad Actors in GitHub

The vast open-source software ecosystem contains millions of packages and tens of millions of contributing authors. This is both the strength and the weakness of open-source software: its...

Chris Tokita, Data Scientist - August 27, 2021
  • Technical

The Anatomy of a Malicious Package (Part 2)

Picking up where we left off in the last article, it's time to start thinking about improving our situation. To recap, we've now got initial execution on a victim system, we're able to successfully...

Aaron Bray, CEO - August 28, 2020
  • Technical

The Anatomy of a Malicious Package

What does a malicious package actually look like in practice? We'll walk through some hypothetical exercises to see how malware generally works, and what sort of functions we might expect, from...

Aaron Bray, CEO - August 21, 2020