Discord Contact

Phylum Research

Q1 2024 Evolution of Software Supply Chain Security Report

Q1 2024 Evolution of Software Supply Chain Security Report

Phylum Research
Open source rocks, but 82% of malicious packages lack CVEs. Phylum monitors open-source libraries & alerts you to threats before they hit your software.
Phylum Research Team 7 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases
82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools
70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies
60%

of Phylum’s findings are not found by
other software supply chain companies

Subscribe to our research

Keep up with the latest software supply chain attacks

⏲Please hold while we check our collection.

Something's gone wrong. Please try again.

Success! Check your inbox for our email.

Rust Crate Shipping xz Backdoor

Rust Crate Shipping xz Backdoor

Rust crate found shipping XZ backdoor. Learn about Phylum’s discovery, the maintainer’s swift response, and potential risks that remain after the initial mitigation. Protect your software supply chain from similar threats....
Phylum Research Team 3 min read