Veracode, a software code analysis firm based in Burlington, Massachusetts, announced the acquisition of key assets from Phylum, a startup focused on software supply chain security. While the financial terms of the deal were not disclosed, Veracode revealed that the acquisition includes Phylum’s malicious package analysis, detection, and mitigation technologies. This move is aimed at enhancing Veracode’s ability to identify and block malicious code in open-source libraries, which has become a growing concern for software developers and companies.
Phylum, which raised approximately $20 million in venture capital since its founding in 2020, focused on screening open-source packages at the point where they enter an organization's software, before they reach developer machines or build systems. Veracode's acquisition of these assets is part of its strategy to offer a more complete view of the risks that come with using open-source code. With industry estimates projecting that the cost of software supply chain attacks will triple over the next decade, Veracode describes the acquisition as an essential step toward preventing such attacks rather than reacting to them.
Integrating Phylum's technology will extend Veracode's Software Composition Analysis (SCA) product, which has traditionally matched an application's dependencies against databases of known vulnerabilities, so that customers can also identify and block deliberately malicious packages in real time, a distinct problem from merely outdated or vulnerable ones. This is particularly important as the risks associated with open-source software continue to grow, with estimates suggesting that the cost of these attacks could reach $138 billion by 2031. Phylum's malicious package database and its package-manager firewall, which screens dependencies as they are installed, will be folded into Veracode's existing security products.
This acquisition is the second major purchase by Veracode in less than a year, following the acquisition of Longbow Security in April 2024. Longbow’s technology helped Veracode’s customers discover cloud and application assets and assess their exposure to threats more easily. With the Phylum deal, Veracode aims to further solidify its position in the security market by offering advanced tools to combat the rising threat of supply chain attacks. The integration of Phylum’s technology is expected to be available by early 2025.