Users can identify risks across five domains, work on multiple projects, and take advantage of unique community benefits.
EVERGREEN, Colo., Aug. 4, 2022 /PRNewswire/ — Phylum, the software supply chain security company, announces the release of its free Phylum Community Edition to extend the standard in supply chain security risk analysis to everyone.
Users can quickly realize valuable risk insights based on our unique approach to defending the software supply chain.
The free Phylum Community Edition allows any user to identify open-source risks across five domains with deductive analysis that is integrated into every stage of a build. Available immediately, users can:
“We’re excited to get Phylum into the hands of security engineers and developers around the world. Supply chain attacks are just getting started, and users need the ability to identify risk across the entire OSS supply chain attack surface. With the Phylum Community Edition, users can quickly realize valuable risk insights based on our unique approach to defending the software supply chain,” said Peter Morgan, co-founder and president of Phylum.
The Phylum Risk Framework
Phylum’s proactive approach to analyzing the risk inherent in the software supply chain is built from years of research and observation.
Rather than taking a retrospective approach by analyzing incidents after they occur, Phylum begins by ingesting all available data about open-source packages and structuring the data in a consistent format for analysis. Layers of analytics, heuristics, and ML models then comb through the data to identify risk indicators. Deductive analysis is then applied to account for the full context around each indicator, and identified risks are prioritized based on the risk tolerance criteria set by the organization.
This allows Phylum to efficiently surface and prioritize meaningful issues before an incident occurs, in a way that does not overwhelm security teams. Those risks can then be addressed before they lead to compromise, outages, service degradation at runtime, or legal liability.
“Given the sheer volume of components involved in the development of modern software, surfacing meaningful findings becomes critically important — as does effectively prioritizing issues. Phylum defines the attack surface and conducts the deductive analysis, and users define risk tolerance based on project needs. This combination results in a significantly reduced attack surface, and categorized risk prioritized by business objective,” said Brad Crawford, vice president of product at Phylum and co-author of the MITRE ATT&CK framework.
The Phylum Risk Framework is the standard in software supply chain security, defined by the following categories: malicious code, software vulnerabilities, authorship risk, reputation, license misuse, and engineering risk.
Get the Phylum Community Edition here.
Phylum will be at Black Hat 2022 in Innovation City booth #IC53. To meet up at the event, request a meeting here.
Phylum is the software supply chain company, on a mission to secure the universe of code. Developers and security professionals use Phylum to identify open-source risks across five domains using deductive analysis that is integrated into every stage of a build. The company is built by a team of career security researchers and developers with decades of experience in the US intelligence community and commercial sectors.