Software supply chain security provider Phylum today raised $15 million in Series A funding. ClearSky leads the round with contributions from Atlassian Ventures, FirstIn and industry funds.
The development of modern Agile projects has shown that aligning security practices requires very tight integration of security principles with day-to-day software development, design, and tooling support. Various companies develop standardized and well-defined solutions that can be used as a reference for development teams. One of these companies is Phylum.
After noticing the rise in open source adoption and the associated risk in the software supply chain, Aaron Bray, Louis Lang, and Peter Morgan launched Phylum in 2020. The group built Phylum with the primary goal of addressing the vulnerabilities that persist or go ignored under traditional approaches.
“It’s incredibly empowering that ClearSky and Atlassian join our mission to defend the open source ecosystem so businesses can continue to take advantage of open source software safely and efficiently,” said Peter Morgan, co-founder and president of Phylum.
Modern software development
The combination of open source and DevOps enables the automated consumption of untrusted software through dependencies on unknown authors across the Internet. This makes it harder for security teams to manage the resulting risk at the same pace.
The security quality process in modern software development has to undergo significant changes. Security professionals need to shift their attention from features to individual modifications to fit into the development methodology. This transition could lead to closer interaction between development and security, better security quality through regular feedback, and easier enforcement of compliance.
Phylum automates the process of identifying packages, analyzing risks in the supply chain, and categorizing those risks into five domains: malicious code, vulnerability, license, author, and engineering risk.
Within an average of just 11 minutes of a package being published to a package registry, Phylum captures and analyzes it, automating risk analysis and malware detection to bring malicious packages to light. This method allows the classification and removal of hundreds of previously unknown malicious packages and their creators every month.
“The rise in hacking of supply chain components has emphasized the need to focus on more than just known software vulnerabilities. Development and security teams need proactive risk management technologies that enable them to detect compromised packages before they are integrated into mission-critical applications. We’re excited to support Phylum’s quest to transform the open source risk management space here at ClearSky,” said Patrick Heim, Partner and CISO at ClearSky.
The company intends to expand its go-to-market team and continue inventing new heuristics and machine learning (ML) models to proactively identify threats in open-source packages. This will be accomplished through leveraging the Series A investment and the recent hiring of new Chief Revenue Officer Patrick Sheehan. Additionally, Phylum customers are currently stepping up their DevSecOps missions with the release of version 2 of the platform.
“Technology teams can use Phylum’s solution to combat the growing number of threats in the software supply chain. We look forward to seeing how Phylum will benefit our 200,000+ Atlassian cloud customers by allowing them to focus on the work they love instead of worrying about security concerns. Phylum’s addition to Atlassian Ventures is a significant win for development teams around the world,” said Matt Sonefeldt, head of Atlassian Ventures.
VentureBeat’s mission is to be a digital marketplace for technical decision makers to acquire knowledge about transformative enterprise technology and to conduct transactions.