Charles Coggins - Phylum Research | Software Supply Chain Security (Page 2)

Python Package Installation Attacks

Phylum Insights and Resources

Arbitrary code execution is possible and even common during package installation. Learn how attackers use this to their advantage.

Charles Coggins Apr 24, 2024 5 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases

82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools

70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies

60%

of Phylum’s findings are not found by
other software supply chain companies

Python Trojan Functions and Imports

Phylum Insights and Resources

Learn basic techniques attackers use to create malicious packages with trojan features found in attacks, including typosquatting, starjacking, dependency confusion, and lockfile injection.

Charles Coggins Apr 24, 2024 3 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases

82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools

70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies

60%

of Phylum’s findings are not found by
other software supply chain companies

Python Package Spoofing

Phylum Insights and Resources

Find out how easy it is for threat actors to spoof legitimate Python packages as the foundation of their attacks on the software supply chain.

Charles Coggins Apr 24, 2024 6 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases

82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools

70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies

60%

of Phylum’s findings are not found by
other software supply chain companies

Series: How Malicious Python Code Gains Execution

Phylum Insights and Resources

Beyond vulnerabilities: Secure your Python code. Learn how attackers target software supply chains and an approach to preventing malicious code execution. See Phylum Research.

Charles Coggins Apr 24, 2024 2 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases

82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools

70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies

60%

of Phylum’s findings are not found by
other software supply chain companies

The Power of the Pod

Phylum Insights and Resources

I love podcasts. I started listening in 2005 with an Apple iPod I got the year before. To really date me, I used a 3.5mm auxiliary-to-cassette adapter plugged into my truck's tape deck

Charles Coggins Sep 30, 2023 5 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases

82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools

70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies

60%

of Phylum’s findings are not found by
other software supply chain companies