Welcome to our blog

Get the latest insights from our team & community.


  • Software Supply Chain Security

Where We Are & What’s Ahead in 2022

Greetings from the team at Phylum! I wanted to share an update and a glimpse of what you can look forward to in 2022.

Aaron Bray, CEO - January 20, 2022
  • Software Supply Chain Security
  • Technical

Phylum 2021 Top 5 Most Viewed Blog Posts

Over the course of 2021, members of our team here at Phylum have published several technical and research blog posts. In case you missed them the first time round, here are our Top Five Most Viewed...

Peter Morgan, President - January 13, 2022
  • Technical

Using Entropy to Identify Obfuscated Malicious Code

A lot of information about a typical program can be determined simply by examining the strings it contains. For example, you can see the files that the program uses,...

Eric Freitag, Chief Engineer - December 3, 2021
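The teaser above describes examining the strings a program contains and scoring them by entropy to spot obfuscated code. The Python below is an added example, not code from the linked post or from Phylum's tooling: it extracts printable ASCII runs from a byte blob the way the `strings` utility does, computes the Shannon entropy of each string, and flags the one that looks encoded or packed. The sample bytes are constructed for the demonstration, and the 4.5-bit threshold, the 4-character minimum length and the function names are assumptions made for this illustration.

```python
"""Flag likely-obfuscated strings in a binary by Shannon entropy.

Added example, not code from the linked post. The sample bytes below are
constructed for the demonstration and stand in for a program's contents.
"""
from __future__ import annotations

import math
import re
from collections import Counter

# Constructed stand-in for a program image: ordinary strings (a path, usage
# text, an imported library and symbol) plus one 32-character blob of
# distinct characters that mimics an encoded or packed payload. Not a real
# binary; the ELF magic is only there to show that short runs are skipped.
SAMPLE_BLOB = (
    b"\x7fELF\x02\x01\x01\x00\x00"
    b"/etc/passwd\x00\x00Usage: tool [options]\x00"
    b"libc.so.6\x00printf\x00"
    b"qZ3mX9kL2pW8vN5bT7yR4sH6jF1gD0cA\x00"
)


def extract_strings(blob: bytes, min_len: int = 4) -> list[str]:
    """Like the `strings` utility: runs of printable ASCII of at least min_len."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.decode("ascii") for m in pattern.findall(blob)]


def shannon_entropy(s: str) -> float:
    """Bits per character: -sum(p * log2 p) over the character distribution."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def flag_high_entropy(blob: bytes, threshold: float = 4.5,
                      min_len: int = 4) -> list[tuple[str, float]]:
    """Return (string, entropy) for extracted strings at or above threshold.

    A string of length n cannot exceed log2(n) bits per character, so with a
    4.5-bit threshold nothing shorter than 23 characters can ever be flagged;
    tune threshold and min_len together. High entropy marks encoded, packed
    or random-looking data (hashes, keys, compressed blobs included), not
    malice by itself, so treat hits as candidates for a closer look.
    """
    hits = []
    for s in extract_strings(blob, min_len):
        h = shannon_entropy(s)
        if h >= threshold:
            hits.append((s, h))
    return hits


if __name__ == "__main__":
    for s in extract_strings(SAMPLE_BLOB):
        print(f"{shannon_entropy(s):5.2f}  {s}")
    print("flagged:", flag_high_entropy(SAMPLE_BLOB))
```

English-looking strings such as the usage text score around 3 to 4 bits per character, while the 32 distinct characters of the constructed blob score exactly 5 bits, which is what separates them here; on a real binary you would calibrate the threshold against strings from known-good builds of the same ecosystem.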
  • Software Supply Chain Security

Recent NPM Malware

NPM, JavaScript’s most popular package manager, has seen a rash of malware incidents over the last year. This culminated in major community-impacting breaches in the last few weeks. Let’s dig into...

Peter Morgan, President - November 16, 2021
  • Software Supply Chain Security

SCA Is Dead

The Evolution of Open Source

If you are familiar with the application security space, you might feel a bit confused. Many Software Composition Analysis (SCA) products exist, after all. With so many...

Aaron Bray, CEO - November 10, 2021
  • Software Supply Chain Security

What Happens to Author Reputation When Malicious Packages are Taken Offline?

Overview

There has been an unprecedented rise in malware identified throughout the open-source ecosystem. Over the last several months alone, thousands of bad packages have been removed from package...

Aaron Bray, CEO - October 18, 2021
  • Technical

Spark and Rust - How to Build Fast, Distributed and Flexible Analytics Pipelines with Side Effects

Apache Spark is a powerful piece of software that has enabled Phylum to build and run complex analytics and models over a big data lake comprised of data from popular programming language ecosystems.

Andrea Venuta, Senior Software Engineer - October 7, 2021
  • Software Supply Chain Security

A Spooky Occurrence in the Open-Source Ecosystem: Hacktoberfest 2020

One of the things that excites me about the open-source software ecosystem is entirely outside the technical components of code and computation. Instead, as someone whose PhD was focused on behavior...

Chris Tokita, Data Scientist - September 30, 2021
  • Software Supply Chain Security

Vulnerability Reporting Has Fallen Behind

There has been an explosion in new software over the past 3-10 years. The amount of new software released and the number of new software developers entering the job market has increased dramatically....

Aaron Bray, CEO - September 28, 2021
  • Product Release

Phylum Launches Ruby, Python, and new UI/UX

We recently launched a major redesign of the product and rolled out new languages, including Ruby and Python.

Aaron Bray, CEO - September 16, 2021