Users can identify risks in five domains, work on multiple projects and enjoy exclusive community benefits
EVERGREEN, Col., Aug 4, 2022 /PRNewswire/ — Phylum, The Software Supply Chain Security Company, announces the release of its free Phylum Community Edition to extend the standard in supply chain security risk analysis to everyone.
The free Phylum Community Edition allows any user to identify open source risks in five domains with deductive analysis integrated into every stage of a build. Available immediately, users can:
- Sign up here for a free individual account
- Work on up to five projects at once
- Join the Phylum Slack community to collaborate with other developers and security professionals
- Get exclusive access to future beta features
- Give feedback on the product
- Access community support
The Phylum Risk Score is based on the five domains of the Phylum Risk Framework and on each company’s unique threat model.
“We are excited to have Phylum in the hands of security engineers and developers around the world. Supply chain attacks are just getting started and users should have the ability to identify risks across the entire OSS attack surface of the supply chain. With the Phylum Community Edition, users can quickly understand valuable risk insights based on our unique approach to defending the software supply chain,” said Peter Morgan, co-founder and president of Phylum.
The Phylum Risk Framework
Phylum’s proactive approach to analyzing the risks inherent in the software supply chain is based on years of research and observation.
Rather than taking a retrospective approach by analyzing incidents after they have occurred, Phylum begins by consuming all the information available on open source packages and structuring the data in a consistent format for analysis. Layers of analytics, heuristics, and ML models then comb through the data to find risk indicators. Deductive analysis is then applied to take into account the full context surrounding each indicator, and identified risks are prioritized based on the risk tolerance criteria established by the organization.
This enables Phylum to effectively surface and prioritize meaningful issues before an incident occurs, in a way that doesn’t overwhelm security teams. These risks can then be addressed before they lead to compromise, outages, service degradation at runtime, or legal liability.
“Given the large number of components involved in the development of modern software, unearthing meaningful findings becomes critical, as well as accurately prioritizing issues. Phylum defines the attack surface and performs the deductive analysis, and users define risk tolerance based on project needs. This combination results in a significantly smaller attack surface and categorized risks prioritized based on business objectives,” said Brad Crawford, vice president of product at Phylum and co-author of the MITRE ATT&CK Framework.
The Phylum Risk Framework is the standard in software supply chain security defined by the following categories: malicious code, software vulnerabilities, authorship risk, reputation, license abuse, and engineering risk.
Download the Phylum Community Edition here.
Phylum will be exhibiting at Black Hat 2022 in Innovation City booth #IC53. Request an appointment here to meet at the event.
About Phylum
Phylum is the Software Supply Chain Company, on a mission to secure the universe of code. Developers and security professionals use Phylum to identify open source risks across five domains using deductive analysis integrated into every stage of a build. The company was built by a team of career security researchers and developers with decades of experience in the US intelligence community and commercial sectors. Learn more at https://phylum.io, read The Phylum Research Blog and follow us on LinkedIn and Twitter.
SOURCE Phylum