Phylum Research Team - Phylum Research | Software Supply Chain Security (Page 18)

Loading WASM Extensions

Phylum Insights and Resources

Phylum extensions can load Typescript and run Web Assembly. Enabling the logic of extensions to be built in languages that users are familiar with.

Phylum Research Team Sep 9, 2022 6 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases

82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools

70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies

60%

of Phylum’s findings are not found by
other software supply chain companies

The Unacknowledged Risk of Authors

Phylum Insights and Resources

One of the largest (and most oft ignored) attack surfaces across the software supply chain is also one of the most obvious: package maintainers. While problems around maintainer account compromises are by no means a new

Phylum Research Team Aug 25, 2022 3 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases

82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools

70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies

60%

of Phylum’s findings are not found by
other software supply chain companies

Build Your Own Software Supply Chain Extensions

Phylum Insights and Resources

Phylum has added support for Software Supply Chain Extensions. Adding another layer of automation and customizability for all users.

Phylum Research Team Aug 24, 2022 4 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases

82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools

70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies

60%

of Phylum’s findings are not found by
other software supply chain companies

Phylum's Monthly Malware Report: June 2022 - Don't Believe the Type

Phylum Research

Overview June’s Malware Analysis yielded more of what Phylum has been seeing for a while: * NPM is targeted far more heavily than any other package registry. * Frequent use of dependency confusion attacks. * Frequent use of

Phylum Research Team Jul 1, 2022 9 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases

82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools

70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies

60%

of Phylum’s findings are not found by
other software supply chain companies

Hidden Dependencies Lurking in the Software Dependency Network

Phylum Research

We are not the only ones with a social network! Much like we form social connections through friendships, software packages form connections to other packages through dependencies, when a package relies on another package to be

Phylum Research Team Jun 1, 2022 6 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases

82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools

70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies

60%

of Phylum’s findings are not found by
other software supply chain companies