Introducing Veracode Threat Research

user-avatar

By Veracode Threat Research

First-person point-of-view of driving fast down a busy urban street
Malicious actors are targeting your developers faster than they can react. Are you prepared?

Secure Your Open-Source Ecosystem with the Latest Findings

We are excited to announce the launch of Veracode Threat Research, a new initiative to counter software supply chain threats. Thanks to the acquisition of Phylum, Inc., we are now equipped with cutting-edge technology and a wealth of expertise to revolutionize how we secure the open-source ecosystem and protect your developers from novel attacks.

What is Veracode Threat Research?

Veracode Threat Research, formerly the Phylum Research Team, is a dedicated team focused on identifying, analyzing, and mitigating threats in the software supply chain. With Phylum’s advanced research capabilities and an extensive database of malicious packages, including numerous targeted malware campaigns, we can provide real-time analysis and blocking of suspicious packages.

Why This Matters

The open-source ecosystem is a cornerstone of modern software development. However, it is also a prime target for attackers because threat actors continuously attempt to slip malicious packages into your codebase. A successful attack can lead to data breaches, system compromises, and other security nightmares. Veracode Threat Research is here to help you stay ahead of these threats.

What We Do

  • Real-Time Analysis: Our system continuously monitors the open-source ecosystem for new threats, ensuring you have the latest information.
  • Advanced Detection: Leveraging Phylum’s database, we can identify and block malicious packages before they can cause harm.
  • Proactive Prevention: By staying one step ahead of attackers, we help you prevent security incidents rather than just reacting to them.

How We Do It

For the Industry

The Veracode Threat Research team is committed to making the world safer by sharing in-depth analyses of novel supply-chain attacks.

  • Continuous Monitoring: Our threat research team constantly scans the open-source ecosystem for new and emerging threats.
  • Threat Analysis: Once a potential threat is identified, our team conducts a deep dive to understand its nature and impact.

For Customers

Veracode customers benefit directly from our findings through the following:

  • Real-Time Alerts: We send our customers real-time alerts for confirmed threats, providing actionable insights to mitigate the risk.
  • Automated Blocking: Our system can automatically block suspicious packages, ensuring your codebase remains secure.

Get Started

We are committed to making the open-source ecosystem safer for everyone. Stay tuned for more updates and findings.

Stay secure, The Veracode Threat Research Team

Apr 23, 2025

CVE Program Funding Disruption: What It Means for Cybersecurity and Veracode Customers

Learn More
user-avatar

Sohail Iqbal

Apr 16, 2025

Securing the AI-Driven Development Environment

Learn More
user-avatar

Natalie Tischler

Apr 10, 2025

AI and AppSec: A Partnership to Prevent Breaches 

Learn More
user-avatar

Natalie Tischler

user-avatar

By Veracode Threat Research