Veracode, a software code analysis firm based in Burlington, Massachusetts, has acquired key assets from Phylum, a Colorado-based startup specializing in software supply chain security. The deal includes Phylum’s malicious package analysis, detection, and mitigation technology, enhancing Veracode’s ability to identify and block risks in open-source libraries. This move aligns with Veracode's goal to address the projected increase in software supply chain attack costs, expected to triple from $46 billion in 2023 to $138 billion by 2031. Phylum’s technology, including its malicious package database and package management firewall, will be integrated into Veracode’s Software Composition Analysis (SCA) product, with general availability anticipated early this year. This marks Veracode's second acquisition within a year, following its purchase of Longbow Security last April to bolster cloud and application asset threat assessment capabilities.