Phylum Research Team

Hackers, Data Scientists, and Engineers responsible for the identification and takedown of software supply chain attackers.

A Spooky Occurrence in the Open-Source Ecosystem: Hacktoberfest 2020

In this blog post, I explore a controversy that surrounds a prominent open-source software recruitment event: the 2020 edition of Hacktoberfest.

Vulnerability Reporting Has Fallen Behind

There has been an explosion in new software over the past 3-10 years. The amount of new software released and the number of new software developers entering the job market has increased dramatically. The associated impact

What Is "Abandonware" and Is It a Security Risk?

The open-source ecosystem is vast and replete with projects at all stages of development. There are nascent projects that are just getting started and toy projects that were never really intended for production use. There are,

Design Matters: How We Created Phylum’s Risk Score for Open-Source Packages

Phylum CEO Aaron Bray discusses the obstacles to creating open-source software risk scores that matter.

Detecting Potential Bad Actors in GitHub

The vast open-source software ecosystem contains millions of packages and tens of millions of contributing authors. This is both the strength and the weakness of open-source software: its crowdsourced nature means that packages are continually updated