Reduce Friction between Developers & AppSec Teams
Successful organizations will make the shift to a developer first...
Research | Jun 01, 2022
Hidden Dependencies Lurking in the Software Dependency Network
Part 1 in a blog series that will explore the software dependency network.
Chris Tokita, Data Scientist
Securing the Innovation Pipeline – 5 Key Considerations on Software Supply Chain Risk
Open-source software growth will continue to outpace proprietary...
Aaron Bray, CEO
Managing Software Supply Chain Security Risks
Software supply chain incidents have increased by over 400% last...
Aaron Bray, CEO
Using Entropy to Identify Obfuscated Malicious Code
To avoid detection, malicious authors will deliberately obscure the...
Eric Freitag, Chief Engineer
Spark and Rust - How to Build Fast, Distributed and Flexible Analytics Pipelines with Side Effects
How to use Rust and Spark to build fast, distributed and flexible...
Andrea Venuta, Senior Software Engineer
What Is "Abandonware" and Is It a Security Risk?
Identifying abandonware is not necessarily straightforward. In this...
Eric Freitag, Chief Engineer
Detecting Potential Bad Actors in GitHub
Phylum is continually working to improve our author risk analysis to...
Chris Tokita, Data Scientist
How to Understand and Defend Against SolarWinds-Type Attacks
In late 2020, one of the most devastating cyber attacks of the last...
Aaron Bray, CEO
The Anatomy of a Malicious Package (Part 2)
Picking up where we left off in the last article, it's time to start...
Aaron Bray, CEO
The Anatomy of a Malicious Package
What does a malicious package actually look like in practice? We'll...