Vendors can now incorporate Phylum’s findings into products, and users can access and correlate high-fidelity data in preferred tools
Phylum, the software supply chain security company, announced the launch of its partner program and the availability of its threat feed of open-source malware. Vendors looking to enhance their DevSecOps offerings can easily integrate with the Phylum platform and now incorporate the new threat feed into their products. The threat feed identifies when open-source packages contain malware and can be used to inform package approval processes or be correlated with other sources to contextualize threats.
“Join Phylum in defending developers and applications from attacks originating in the open-source ecosystem.”
“Since the launch of Phylum, we have made it a priority for users to benefit from our technology directly in the tools they are already using. We’ve now turned that commitment into a dedicated partner program that makes Phylum’s open-source malware findings more accessible in the security tools used to curate and correlate threat data,” said Aaron Bray, co-founder and CEO of Phylum.
Recently, Phylum was the first to report a series of suspicious npm publications belonging to what appeared to be a highly targeted attack. A security alert from GitHub then publicly attributed this cyberattack to threat actors with strong ties to North Korean objectives. Phylum’s threat feed provides organizations with indicators of compromise for software supply chain attacks in easily consumed formats for existing security tools. This novel data source helps organizations determine whether they are impacted, and users could be alerted by a Phylum partner, depending on the tool.
Phylum currently accepts the following types of partners:
- Tech Alliance: Phylum complements many security and DevOps tools to better protect developers and applications from software supply chain security attacks.
- OEM: Phylum can seamlessly integrate its platform or threat feed of open-source malware to add software supply chain features and capabilities to any product.
- Reseller: Phylum works with resellers to bolster their software supply chain security portfolios and add value to SCA, EDR, CNAPP, security analytics and observability products.