Phylum Insights and Resources

Build System and Version Control Compromises - the New Normal

While SolarWinds made headlines within the last few months for the sheer scope of impact, a sharp uptick in build and version control system compromises have followed in the intervening months, targeting third-party tools and open

Phylum Research Team Apr 25, 2021 3 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases

82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools

70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies

60%

of Phylum’s findings are not found by
other software supply chain companies

What the History of Software Supply Chain Attacks Says About Today’s Risk

Despite attracting major media attention in the wake of the recent SolarWinds breach, software supply chain attacks are not a new concept. In this post,...

Phylum Research Team Apr 21, 2021 5 min read

Internally Hosted Dependencies: A Losing Battle

There are well-known issues and uncertainties that come with third-party dependencies such as stale libraries containing vulnerabilities, malicious authors, and poorly-vetted contributions. As a result,...

Phylum Research Team Mar 23, 2021 3 min read