ActiveState launched its Vulnerability Management as a Service (VMaas) offering that revolutionizes how organizations manage open source and accelerates secure software delivery.
ActiveState’s Vulnerability Management as a Service combines Application Security Posture Management (ASPM) and Intelligent Remediation capabilities with expert guidance. This solution enables DevSecOps teams to not only identify vulnerabilities in open source packages, but also to automatically prioritize, remediate, and deploy fixes into production without breaking changes, ensuring that applications are truly secured.
“DevOps teams tell us they spend tens of thousands of hours each year sifting through alerts, researching whether vulnerabilities are reachable and if fixing them might break current functionality, prioritizing what to fix first, and then making sure the work gets done,” said Scott Robertson, CTO, ActiveState. “ActiveState’s Vulnerability Management as a Service zeroes in on these challenges, and acts as a DevOps co-pilot that removes the tedium and time-consuming nature of the tasks while giving them the control they desire to get the job done quickly and effectively.”
Current approaches to vulnerability management are not keeping pace with efforts to exploit them. 90% of the code running in production is of open source origin, which presents a significant risk: Open source vulnerabilities rose by 130% in 2024 and critical vulnerabilities are present in 74% of code bases. Fewer than 40% of companies report that they actually remediate vulnerabilities, and when they do, it takes an average of 270 days to deploy a fix. The time to exploit by bad actors, by contrast, is less than 24 hours.
Existing tools overwhelm DevSecOps teams with excessive vulnerability data, false positives, and a lack of prioritization, often leading to inaction and increased exposure to exploits. Application Security Posture Management (ASPM) tools like ActiveState help identify, prioritize, and remediate vulnerabilities throughout the entire software development lifecycle.
However, ActiveState is the sole provider of Vulnerability Management as a Service in the ASPM market, setting itself apart with a unique combination of ASPM, Intelligent Remediation, and expert guidance that help companies maximize the value they receive.
ActiveState changes the vulnerability management landscape for DevSecOps teams by providing a comprehensive view of vulnerability status across their application portfolio, enabling them to prioritize the vulnerabilities that matter, assess the risk of updates, and choose recommended remediation paths based on corporate policies and avoiding breaking changes.
The platform facilitates the secure building of open source packages from source, allows better governance of open source software usage, and ultimately empowers teams to move from a reactive, time-consuming process to proactive, strategic security.
In addition, the ActiveState team brings its 25+ years of experience in securing open source in the enterprise to act as an extension of a company’s DevOps team. This ensures end-to-end vulnerability management from discovery and prioritization through remediation and deployment.
And, with ActiveState’s curated catalog of open source software comprising more than 40+ million components (the largest in the industry), companies can better govern open source software usage across their organizations and guard against their security posture eroding over time. With ActiveState, enterprises can resolve vulnerabilities as they’re discovered, reduce Mean Time to Resolution (MTTR) from hundreds of days to dozens of hours, and minimize the exploit window.
“For too long, companies have had to suffer the consequences of tools that only get them half way through the vulnerability management process and leave them exposed for too long,” said Stephen Baker, CEO, ActiveState. “With ActiveState’s Vulnerability Management as a Service, which marries technology with open source expertise, they can finally experience the outcomes they’ve been promised but not yet realized. I’m excited to see how this changes the vulnerability management landscape.”
