ActiveState Introduces First-of-Its-Kind Vulnerability Management Service for Open Source Security
ActiveState Launches an Innovative Vulnerability Management Service
ActiveState has made a significant leap in the security domain with the introduction of its Vulnerability Management as a Service (VMaaS), designed specifically for the open source software supply chain. This groundbreaking service combines Application Security Posture Management (ASPM) with intelligent remediation techniques, providing expert guidance to enhance secure software delivery.
Addressing Open Source Challenges
The growing reliance on open source software presents unique challenges. Currently, about 90% of the code in production comes from open source origins, creating vulnerability risks. Research indicates that open source vulnerabilities surged by a staggering 130% in 2024, and critical vulnerabilities are found in 74% of code bases. Yet fewer than 40% of companies manage to remediate these vulnerabilities effectively. On average, organizations take 270 days to deploy fixes, whereas malicious actors can exploit these vulnerabilities in under 24 hours.
ActiveState’s VMaaS aims to tackle these issues head-on by equipping DevSecOps teams with a comprehensive solution. Scott Robertson, the Chief Technology Officer at ActiveState, emphasized that current vulnerability management solutions overwhelm teams with data, resulting in delays and increased risks. With the new service, ActiveState acts as a “DevOps co-pilot,” simplifying the cumbersome tasks of managing vulnerabilities and allowing teams to focus on strategic security enhancements.
Streamlined Vulnerability Management
The VMaaS provides a unified view of application vulnerabilities across the software development lifecycle. This approach enables users to prioritize risks effectively, assess the impact of updates, and adopt recommended remediation paths that align with corporate policies, all without disrupting existing functionality. As a result, organizations can shift from a cumbersome, reactive approach to a proactive, strategic stance towards security.
Moreover, ActiveState's extensive catalog of over 40 million open source components ensures that enterprises can effectively manage their open source usage and maintain a fortified security posture over time.
Expert Support and Rapid Fixes
ActiveState has over two decades of experience securing open source software in enterprise settings, which allows it to serve as an extension of a company's DevOps team. This collaboration ensures an end-to-end vulnerability management process, from discovery and prioritization to remediation and deployment, ultimately reducing the Mean Time to Resolution (MTTR) from days to just hours.
Stephen Baker, the CEO of ActiveState, pointed out that up until now, many companies have faced significant consequences from incomplete vulnerability management tools. ActiveState's VMaaS changes this landscape, providing advanced technology fused with open source expertise to deliver meaningful outcomes.
Companies interested in enhancing their open source security can learn more about ActiveState's Vulnerability Management as a Service by reaching out directly to the company. This innovative service could be a game-changer for organizations looking to secure their software supply chains effectively and efficiently.