Menu
© Copyright 2021 Phylum, Inc. All rights reserved.
Welcome to our blog
Get the latest insights from our team & community.
- Product Release
Phylum Launches Ruby, Python, and new UI/UX
We recently launched a major redesign of the product and rolled out new languages, including Ruby and Python. Read on for more detail about these exciting new updates that are now integrated into...
- Technical
What Is "Abandonware" and Is It a Security Risk?
The open-source ecosystem is vast and replete with projects at all stages of development. There are nascent projects that are just getting started and toy projects that were never really intended for...
- Technical
Design Matters: How We Created Phylum’s Risk Score for Open-Source Packages
Generating meaningful scores for open-source packages is extremely complex. Effective scoring for risk and reputation needs to incorporate disparate pieces of information while also accounting for...
- Technical
Detecting Potential Bad Actors in GitHub
The vast open-source software ecosystem contains millions of packages and tens of millions of contributing authors. This is both the strength and the weakness of open-source software: its...
- Software Supply Chain Security
Your Developer Workforce is Larger Than You Think
Do you trust your developers?
- Software Supply Chain Security
Build System and Version Control Compromises - the New Normal
While SolarWinds made headlines within the last few months for the sheer scope of impact, a sharp uptick in build and version control system compromises have followed in the intervening months,...
- Software Supply Chain Security
What the History of Software Supply Chain Attacks Says About Today’s Risk
Despite attracting major media attention in the wake of the recent SolarWinds breach, software supply chain attacks are not a new concept. In this post, we take a look at the last forty years and...
- Software Supply Chain Security
Internally Hosted Dependencies: A Losing Battle
There are well-known issues and uncertainties that come with third-party dependencies such as stale libraries containing vulnerabilities, malicious authors, and poorly-vetted contributions. As a...
- Software Supply Chain Security
Repo Jacking: Hidden Danger in Broken Links
When contemplating the dangers of 3rd party libraries, there are a lot of things you can't control. While issues related to direct contribution or account compromises are certainly things to look out...
- Software Supply Chain Security
How to Understand and Defend Against SolarWinds-Type Attacks
In late 2020, one of the most devastating cyber attacks of the last decade was discovered: the SolarWinds breach. It was a notable event for two primary reasons. First, the threat actors achieved an...