Phylum Launches Partner Program, Introduces Threat Feed of Malicious Open-Source Packages

Vendors can now incorporate Phylum's findings into products, and users can access and correlate high-fidelity data in preferred tools

EVERGREEN, Colo., Aug. 3, 2023 /PRNewswire/ -- Phylum, the software supply chain security company, today announced the launch of its partner program and the availability of its threat feed of open-source malware. Vendors looking to enhance their DevSecOps offerings can easily integrate with the Phylum platform and now incorporate the new threat feed into their products. The threat feed identifies when open-source packages contain malware and can be used to inform package approval processes or be correlated with other sources to contextualize threats. 

"Since the launch of Phylum, we have made it a priority for users to benefit from our technology directly in the tools they are already using. We've now turned that commitment into a dedicated partner program that makes Phylum's open-source malware findings more accessible in the security tools used to curate and correlate threat data," said Aaron Bray, co-founder and CEO of Phylum.

Recently, Phylum was the first to report a series of suspicious npm publications belonging to what appeared to be a highly targeted attack. A security alert from GitHub then publicly attributed this cyberattack to threat actors with strong ties to North Korean objectives. Phylum's threat feed provides organizations with indicators of compromise for software supply chain attacks in easily consumed formats for existing security tools. This novel data source helps organizations determine if they are impacted and users could be alerted by a phylum partner, depending on the tool. 

Phylum currently accepts the following types of partners:

• Tech Alliance: Phylum complements many security and DevOps tools to better protect developers and applications from software supply chain security attacks.
• OEM: Phylum can seamlessly integrate its platform or threat feed of open-source malware to add software supply chain features and capabilities to any product.
• Reseller: Phylum works with resellers to bolster their software supply chain security portfolios and add value to SCA, EDR, CNAPP, security analytics and observability products.

Join Phylum in defending developers and applications from attacks originating in the open-source ecosystem. Apply to become a partner here.

About Phylum

Phylum is on a mission to secure the universe of code. Its platform automates software supply chain security to contextualize risks, block attacks and allow users to only use open-source code that they trust. The company is built by a team of career security researchers and developers with decades of experience in U.S. Intelligence Community and commercial sectors. Phylum is the winner of the Black Hat 2022 Innovation Spotlight Competition, a Cyber Defense Magazine Top Infosec Innovator and a winner of Inc's 2023 Best Workplaces. Learn more at https://phylum.io, read The Phylum Research Blog, and follow us on LinkedIn, Twitter and YouTube.

SOURCE Phylum