Application security company Veracode Inc. today announced that it had acquired certain assets from software supply chain security company Phylum Inc. for an undisclosed price.
Under the deal, Veracode is acquiring Phylum’s malicious package analysis, detection and mitigation technology. The technology is planned to be used to enhance Veracode’s ability to identify and block malicious code in open-source libraries and give customers a more comprehensive view of risks associated with open-source code usage.
The acquisition comes at a time when software supply chain attacks are becoming increasingly sophisticated and costly, with global damages projected to rise from $46 billion in 2023 to $138 billion by 2031. By integrating Phylum’s automated malicious code analysis pipeline, Veracode is aiming to assist organizations in identifying and blocking threats in real time, reducing the risk of data breaches and operational disruptions.
Phylum’s tech brings a cutting-edge malicious package database and package management firewall to Veracode’s platform, which will further strengthen its Software Composition Analysis offering. The tools coming to Veracode are designed to provide instant analysis of newly published packages and, in doing so, close the gap between threat identification and mitigation.
With Phylum’s fully automated malicious code analysis pipeline, Veracode significantly shortens the window of opportunity for attackers. Newly published packages are analyzed within seconds, helping customers proactively prevent attacks.
The acquisition is not limited to Phylum’s technology: the experts behind Phylum’s malicious package analysis are also joining Veracode. The incoming researchers have uncovered nearly half a million malicious packages, including targeted campaigns against industries like finance and cryptocurrency. Their expertise will complement Veracode’s mission to deliver industry-leading solutions for application risk management.
“Uniting Veracode’s platform and Phylum’s malicious package detection and mitigation technology creates exceptional value for our customers worldwide,” Aaron Bray, chief executive officer and co-founder of Phylum, commented on the deal. “By combining our advanced research capabilities with Veracode’s industry-leading platform, we’re expanding the fight against software supply chain threats.”
“Together, we will deliver even greater protection and peace of mind to organizations navigating an increasingly complex threat landscape, and we are excited to join the team,” Bray added.
Phylum’s technology, including its malicious package database and package management firewall, is planned to be integrated into Veracode’s SCA product, with general availability expected later this year.