Phylum, The Software Supply Chain Security Company, announces the release of its free Phylum Community Edition to expand the standard in supply chain security risk analysis to everyone.
The free Phylum Community Edition allows any user to identify open-source risks across five domains with deductive analysis that is integrated into every stage of a build. Available immediately, users can:
- Sign up for a free, individual account here
- Work on up to five projects at a time
- Join the Phylum slack community to collaborate with other developers and security professionals
- Get exclusive access to future beta features
- Contribute feedback to the product
- Access community support
“We’re excited to get Phylum in the hands of security engineers and developers around the world. Supply chain attacks are just getting started, and users need the ability to identify risk across the entire OSS supply chain attack surface. With the Phylum Community Edition, users can quickly understand valuable risk insights based on our unique approach to defending the software supply chain,” said Peter Morgan, co-founder and president of Phylum.
The Phylum Risk Framework
Phylum’s proactive approach to analyzing the risk inherent within the software supply chain is built from years of research and observation.
Instead of taking a retrospective approach by analyzing incidents after they occur, Phylum starts by consuming all available information about open-source packages and structuring the data in a consistent format for analysis. Layers of analytics, heuristics and ML models then comb through the data to find risk indicators. Deductive analysis is then applied to account for the entire context around each indicator, and identified risks are prioritized based on the risk tolerance criteria set by the organization.
This allows Phylum to effectively surface and prioritize meaningful issues before an incident occurs, in a manner that does not overwhelm security teams. These risks can then be addressed before leading to compromise, outages, service degradation at runtime or legal liability.
“Given the large volume of components involved in the development of modern software, surfacing meaningful findings becomes critically important – as does accurately prioritizing issues. Phylum defines the attack surface and conducts the deductive analysis, and users define risk tolerance based on project needs. This combination results in a significantly reduced attack surface, and categorized risk prioritized by business objective,” said Brad Crawford, vice president of product at Phylum and co-author of the MITRE ATT&CK Framework.
The Phylum Risk Framework is the standard in software supply chain security, defined by the following categories: Malicious Code, Software Vulnerabilities, Authorship Risk, Reputation, License Misuse and Engineering Risk.
For more such updates follow us on Google News ITsecuritywire News