Friday, August 5, 2022

Phylum Releases a Free Community Edition to Make Software Supply Chain Security More Accessible


EVERGREEN, Colo., Aug. 4, 2022 /PRNewswire/ — Phylum, The Software Supply Chain Security Company, announces the release of its free Phylum Community Edition to expand the standard in supply chain security risk analysis to everyone.

Users can quickly understand valuable risk insights based on our unique approach to protecting the software supply chain.

The free Phylum Community Edition allows any user to identify open-source risks across 5 domains with deductive analysis that’s integrated into every stage of a build. Available immediately, users can:

— Sign up for a free, individual account here
— Work on up to 5 projects at a time
— Join the Phylum Slack community to collaborate with other developers and security professionals
— Get exclusive access to future beta features
— Contribute feedback to the product
— Access community support

“We’re excited to get Phylum in the hands of security engineers and developers around the world. Supply chain attacks are just getting started, and users need the ability to identify risk across the entire OSS supply chain attack surface. With the Phylum Community Edition, users can quickly understand valuable risk insights based on our unique approach to protecting the software supply chain,” said Peter Morgan, co-founder and president of Phylum.

The Phylum Risk Framework

Phylum’s proactive approach to analyzing the risk inherent within the software supply chain is built from years of research and observation.

Instead of taking a retrospective approach by analyzing incidents after they occur, Phylum starts by consuming all available information about open-source packages and structuring the data in a consistent format for analysis. Layers of analytics, heuristics, and ML models then comb through the data to find risk indicators. Deductive analysis is then applied to account for the full context around each indicator, and identified risks are prioritized based on the risk tolerance criteria set by the organization.

This allows Phylum to effectively surface and prioritize meaningful issues before an incident occurs, in a manner that doesn’t overwhelm security teams. These risks can then be addressed before leading to compromise, outages, service degradation at runtime or legal liability.

“Given the large number of components involved in the development of modern software, surfacing meaningful findings becomes critically important — as does accurately prioritizing issues. Phylum defines the attack surface and conducts the deductive analysis, and users define risk tolerance based on project needs. This combination results in a significantly reduced attack surface, and categorized risk prioritized by business objective,” said Brad Crawford, vice president of product at Phylum and co-author of the MITRE ATT&CK Framework.

The Phylum Risk Framework is the standard in software supply chain security, defined by the following categories: Malicious Code, Software Vulnerabilities, Authorship Risk, Popularity, License Misuse and Engineering Risk.

Get the Phylum Community Edition here.

Phylum will be at Black Hat 2022 in Innovation City booth #IC53. To meet up at the event, request a meeting here.

About Phylum
Phylum is the Software Supply Chain Company, on a mission to secure the universe of code. Developers and security professionals use Phylum to identify open-source risks across 5 domains using deductive analysis that’s integrated into every stage of a build. The company is built by a team of career security researchers and developers with decades of experience in the US Intelligence Community and commercial sectors. Learn more at https://phylum.io, read The Phylum Research Blog, and follow us on LinkedIn and Twitter.

SOURCE: Phylum


