ActiveState Surveys the Industry

ActiveState, an open source management platform securing software supply chains, recently released its first-ever State of Vulnerability Management & Remediation Report, and it found many critical vulnerabilities plaguing the industry.

Released in March, the report found that vulnerable and outdated components are the primary elements affecting organizations’ security posture. Additionally, the report found a diffusion of responsibility, where remediation efforts are fragmented across different teams without a single point of accountability. 

To address these challenges, the report recommends that organizations prioritize open source posture management, understand the true extent of risk with vulnerability blast radius, make smarter decisions with a risk prioritization copilot, and fix vulnerabilities faster with a precision remediation pipeline.

"Our 2025 State of Vulnerability Management & Remediation Report clearly demonstrates that while organizations are increasingly aware of the risks posed by vulnerable open source components, significant challenges remain in effectively prioritizing and remediating these threats," says Scott Robertson, CTO of ActiveState. "To truly strengthen their security posture without hindering innovation, organizations need to move beyond manual tools and embrace intelligent, AI-powered solutions like the ActiveState Platform that provide deep visibility, AI-powered risk prioritization, and precision remediation. This report underscores the urgency for a strategic shift in how we approach open source security, and ActiveState is committed to leading that transformation."