Phylum strengthens mission to defend the software supply chains


Software supply chain security provider Phylum has raised $15 million in series A funding today. ClearSky is leading the round, with contributions from Atlassian Ventures, FirstIn and industry-specific funds.

Experience with modern agile projects has shown that aligning security procedures with development requires a very close integration of security principles with everyday software development, design and tooling. Various companies are developing standardized, well-defined solutions that development teams can use as a reference. One such company is Phylum.

After noticing the surge in open-source adoption and the related risk in the software supply chain, Aaron Bray, Louis Lang and Peter Morgan launched Phylum in 2020. The group built Phylum with the primary objective of tackling the vulnerabilities that continue to be ignored when utilizing traditional approaches.

“It is incredibly validating to have ClearSky and Atlassian join our mission to defend the open-source ecosystem, so organizations can continue to leverage the benefits of open-source software securely and efficiently,” said Peter Morgan, cofounder and president of Phylum.

Modern software development

The combination of open source and devops allows untrusted software from unknown authors on the internet to be pulled in automatically as dependencies. At the same time, this makes it more difficult for security teams to manage the resulting risk.

The security quality process in modern software development must undergo significant changes. Security specialists must adjust their attention from features to individual modifications to fit into the development methodology. This transition could lead to a closer interaction between development and security, as well as better security quality, through regular feedback and easier compliance enforcement.

Phylum automates the process of identifying packages, analyzing supply chain risk and categorizing these risks into five domains: malicious code, vulnerability, license, author and engineering risk.

In an average time of just 11 minutes, Phylum ingests and analyzes each package as it is published into a package registry, automating risk analysis and malware detection to convict harmful packages. This method allows for the monthly classification and eradication of hundreds of unknown harmful packages and their authors.

“The rise in supply chain component hacking has emphasized the need to focus on more than just known software vulnerabilities. Development and security teams require proactive risk management technologies that allow them to detect compromised packages before they are included in mission-critical applications. We are happy to support Phylum’s quest to transform the open-source risk management field here at ClearSky,” said Patrick Heim, partner and CISO at ClearSky.

Future projections

The company aims to expand its go-to-market team and continue developing new heuristics and machine learning (ML) models to proactively identify threats in open-source packages. This will be funded by the series A investment and supported by the recent recruitment of new chief revenue officer Patrick Sheehan. Additionally, Phylum’s clients are continuing to strengthen their DevSecOps programs with the release of version 2 of the platform.

“Technology teams can use Phylum’s solution to combat the growing number of threats in the software supply chain. We’re looking forward to seeing how Phylum will benefit our 200,000+ Atlassian cloud clients, allowing them to focus on the work they love rather than worrying about security concerns. Phylum joining Atlassian Ventures is a significant gain for development teams all over the world,” said Matt Sonefeldt, head of Atlassian Ventures.
