Jan 6, 2025

Operator Insights

Phylum Joins Forces with Veracode

The security of the software supply chain has become one of the most urgent challenges facing enterprises today. As threat actors increasingly target open-source ecosystems and development pipelines, the need for proactive, automated defenses has never been clearer.

That’s why milestones like this matter.

We are proud to share that Phylum, a TechOperators portfolio company, has been acquired by Veracode — a leader in application security. This acquisition marks a major step forward in how enterprises can manage the risks lurking inside software dependencies and third-party code at scale.

Phylum’s vision from the start was simple but powerful:

Make it possible to identify and mitigate risky packages before they become part of mission-critical applications.

Their technology, including dynamic package analysis and a package management firewall, enables organizations to detect, block, and neutralize software supply chain threats — before damage is done.

This milestone is not just a success story for the Phylum team. It’s a signal that proactive, architecture-level approaches to securing code supply chains are becoming foundational to enterprise security strategies.

The Importance of Software Supply Chain Security

Modern development relies heavily on third-party components—open-source libraries, packages, and tools—most of which were never designed with security as a first principle. This creates an expansive, fast-moving attack surface that traditional AppSec and DevSecOps practices struggle to keep up with.

Today's adversaries exploit this gap through tactics like:

  • Typosquatting (uploading malicious packages with names similar to popular libraries)

  • Dependency Confusion (injecting fake packages into trusted ecosystems)

  • Malicious Package Insertion (embedding backdoors or malware in seemingly benign components)

Securing the software supply chain requires shifting left and acting earlier—at the point where code is selected, before it’s ever integrated into production pipelines. It requires treating package ingestion as a security event, not just a developer convenience.

Phylum built solutions to make this real for enterprises. Veracode’s acquisition ensures that these capabilities can now scale to protect even more organizations globally.

A Congratulations, and a Look Ahead

Congratulations to the Phylum team — Aaron Bray, Louis Lang, and the entire crew — on building technology and a vision that the market clearly needed. We’re proud to have partnered with you early, and even more proud to see your impact expand through this next chapter.

The future of software security will belong to those who anticipate risks before they are headlines—and who build the tools to neutralize them before attackers exploit them.

This acquisition is a step toward that future.

And it’s only the beginning.

Written by

Daniel Ingevaldson

One Buckhead Plaza

3060 Peachtree Road, N.W.
Suite 720
Atlanta, Georgia 30305


© 2025 TechOperators | Legal Notice
