Phylum Launches Ruby, Python, and new UI/UX
Check out Phylum’s latest product update! Ruby and Python are now both supported languages and coincide with our latest UI/UX update.
Phylum Research Team
Hackers, Data Scientists, and Engineers responsible for the identification and takedown of software supply chain attackers.
Your Developer Workforce is Larger Than You Think
By using open source software, you expose yourself to the influence of thousands of developers whom you don’t know and should not necessarily trust. Analyzing author behavior is critical to securing your software supply chain.
Build System and Version Control Compromises - the New Normal
While SolarWinds made headlines within the last few months for the sheer scope of impact, a sharp uptick in build and version control system compromises have followed in the intervening months, targeting third-party tools and open
What the History of Software Supply Chain Attacks Says About Today’s Risk
Despite attracting major media attention in the wake of the recent SolarWinds breach, software supply chain attacks are not a new concept. In this post, we take a look at the last forty years and examine
Internally Hosted Dependencies: A Losing Battle
There are well-known issues and uncertainties that come with third-party dependencies such as stale libraries containing vulnerabilities, malicious authors, and poorly-vetted contributions. As a result, many organizations seek to alleviate risk by auditing source at import