
Phylum Releases a Free Community Edition to Make Software Supply Chain Security More Accessible

Users can identify risks across five domains, work on multiple projects, and take advantage of exclusive community benefits.

EVERGREEN, Colo., Aug. 4, 2022 /PRNewswire/ — Phylum, The Software Supply Chain Security Company, announces the release of its free Phylum Community Edition to expand the standard in supply chain security risk analysis to everyone.

Users can quickly understand valuable risk insights based on our unique approach to defending the software supply chain.

The free Phylum Community Edition allows any user to identify open-source risks across five domains with deductive analysis that is integrated into every stage of a build. Available immediately, users can:

— Sign up for a free, individual account here
— Work on up to five projects at a time
— Join the Phylum Slack community to collaborate with other developers and security professionals
— Get exclusive access to future beta features
— Contribute feedback to the product
— Access community support
"We're excited to get Phylum in the hands of security engineers and developers around the world. Supply chain attacks are just getting started, and users need the ability to identify risk across the entire OSS supply chain attack surface. With the Phylum Community Edition, users can quickly understand valuable risk insights based on our unique approach to defending the software supply chain," said Peter Morgan, co-founder and president of Phylum.

The Phylum Risk Framework

Phylum's proactive approach to analyzing the risk inherent within the software supply chain is built from years of research and observation.

Instead of taking a retrospective approach by analyzing incidents after they occur, Phylum starts by consuming all available information about open-source packages and structuring the data in a consistent format for analysis. Layers of analytics, heuristics, and ML models then comb through the data to find risk indicators. Deductive analysis is then applied to account for the entire context around each indicator, and identified risks are prioritized based on the risk tolerance criteria set by the organization.

This allows Phylum to effectively surface and prioritize meaningful issues before an incident occurs, in a manner that does not overwhelm security teams. These risks can then be addressed before they lead to compromise, outages, service degradation at runtime, or legal liability.

"Given the large volume of components involved in the development of modern software, surfacing meaningful findings becomes critically important — as does accurately prioritizing issues. Phylum defines the attack surface and conducts the deductive analysis, and users define risk tolerance based on project needs. This combination results in a significantly reduced attack surface, and categorized risk prioritized by business objective," said Brad Crawford, vice president of product at Phylum and co-author of the MITRE ATT&CK Framework.

The Phylum Risk Framework is the standard in software supply chain security, defined by the following categories: Malicious Code, Software Vulnerabilities, Authorship Risk, Reputation, License Misuse and Engineering Risk.

Get the Phylum Community Edition here.

Phylum will be at Black Hat 2022 in Innovation City, booth #IC53. To meet up at the event, request a meeting here.

About Phylum
Phylum is the Software Supply Chain Company, on a mission to secure the universe of code. Developers and security professionals use Phylum to identify open-source risks across five domains using deductive analysis that is integrated into every stage of a build. The company is built by a team of career security researchers and developers with decades of experience in the US Intelligence Community and commercial sectors. Learn more at https://phylum.io, read The Phylum Research Blog, and follow us on LinkedIn and Twitter.

SOURCE: Phylum