Phylum manages the risk of using untrusted, open-source libraries; enables security teams and developers to innovate at speed.

Today, Phylum announces $15 million in Series A funding. The round is led by ClearSky, with contributions from Atlassian Ventures, SixThirty Ventures, First In and TechOperators.

"It is incredibly validating to have ClearSky and Atlassian join our mission to defend the open-source ecosystem so organizations can continue to leverage the benefits of open-source software securely and efficiently,"

said Peter Morgan, co-founder and president of Phylum.

Phylum was founded in 2020 by Aaron Bray, Louis Lang and Peter Morgan, who are all career security researchers and developers with an accomplished history in cyber offense. Experienced in both commercial and government sectors, the team observed the rise in open-source usage and associated risk in the software supply chain, and created Phylum to combat the threats that continue to go unaddressed using traditional methods.

"The explosion in supply chain component compromise has highlighted the need to expand focus beyond known software vulnerabilities. Development and security teams need proactive risk management tools that enable them to identify compromised packages before they are included in mission-critical applications. At ClearSky, we are proud to support Phylum's mission to reshape the space of open-source risk management,"

said Patrick Heim, Partner and CISO at ClearSky.

Modern software development requires advances beyond software vulnerabilities

Open-source software has enabled developers to accelerate release schedules. DevOps processes assist developers through standards enforcement, testing and build automation. This combination enables automated use of untrusted software via dependencies from unknown authors on the Internet, increasing the security teams' burden to manage risk at the same pace. Recent attacks have shown that we can no longer solely rely on software composition analysis products that are focused on software vulnerabilities in order to defend the complete attack surface of the open-source software supply chain.

Phylum automates the entire process of identifying packages, analyzing the supply chain risk, and categorizing these risks into all five domains: Malicious Code, Vulnerability, License, Author, and Engineering risk. Phylum ingests and analyzes each package as it is published into a package registry, and automates risk analysis and malware detection to convict malicious packages with an average time of 11 minutes. This approach enables the classification and removal of hundreds of unidentified malicious packages and their respective authors, per month.

With the Series A investment and the recent hire of Patrick Sheehan as Chief Revenue Officer, the company plans to grow its go-to-market team and continue the invention of new heuristics and machine learning models to proactively identify risk in open-source packages. With the recent release of version 2.0 of the platform, Phylum's clients continue to bolster their DevSecOps missions.

"Phylum's solution helps technology teams battle the growing number of threats from the software supply chain. We are excited to witness the impact Phylum will have for our 200,000+ Atlassian cloud customers, empowering their teams to focus on the work they love instead of combating security vulnerabilities. Having Phylum in the Atlassian Ventures family is a huge win for development teams everywhere,"

said Matt Sonefeldt, head of Atlassian Ventures.

SOURCE Phylum

Referenced entities
Referenced countries