ActiveState

The most important number in your security program right now is not your CVE count. It is how long your remediation sequence takes from "critical CVE identified" to "clean deployment in production." Most teams do not know that number. Project Glasswing is going to surface it for them. Full read: buff.ly/EjYfOTB #OpenSourceSecurity #CyberSecurity #AppSec

A 27-year-old flaw in OpenBSD. A 16-year-old vulnerability in FFmpeg that survived 5 million automated tests. AI found both in the same project. The finding problem is getting solved. The question is whether your remediation infrastructure is built for what that actually means. Full read: buff.ly/EjYfOTB #ProjectGlasswing #OpenSourceSecurity #SoftwareSupplyChain

Project Glasswing found a 27-year-old zero-day in OpenBSD. Autonomously. The finding problem just got solved. The remediation problem just got harder. Industry average MTTR for a critical CVE: 60+ days. More CVEs, same infrastructure. Do the math. activestate.com/blog/project-g… #ProjectGlasswing #OpenSourceSecurity

Securing the container was never the whole answer. The application dependencies inside it were always the risk. In 2026, that gap has a name and a price tag. buff.ly/v5ooi3Q #OpenSourceSecurity #SoftwareSupplyChain #CyberSecurity

5 reasons your open source software strategy is a personal liability in 2026. AI code volume broke the scan-and-pray model. Here's what's left exposed. buff.ly/0QNitoA #OpenSourceSecurity #SoftwareSupplyChain #CyberSecurity

AI pulls open source dependencies faster than humans can vet them. The perimeter was never the problem. The ingredients were. We broke down where application layer security actually stands in 2026. substack.com/home/post/p-19… #OpenSourceSecurity #SoftwareSupplyChain #CyberSecurity

Speed is a competitive advantage, and security is a requirement. 🛡️💻 As GenAI scales, shadow AI is becoming a massive risk to proprietary IP. Private repositories are now the gold standard for securing the AI driven development boom. Insights via @AppDevMag: ✅ IP Sovereignty ✅ AI Governance ✅ Risk Mitigation Read more: buff.ly/em8XVXm #GenAI #CyberSecurity #DevSecOps #TechLeadership

RSAC 2026 made one thing clear: Security teams are hitting a wall. Faster reaction is no longer the answer. Here are the 4 key takeaways from ActiveState: Reactive security has peaked. CVE triage is exhausting teams. We need cleaner foundations, not faster patches. Visibility is the biggest hurdle. Many teams still don't know where their open source lives. You can't secure what you can't see. AI is outdistancing its supply chain. Rapid AI adoption is leaving the underlying open source libraries unexamined and at risk. Curation is the new prevention. Shifting to a verified base of packages stops the firefighting before it starts. The goal for 2026: Reduce the number of things that require a response in the first place. Read the full report here: buff.ly/tmo7nyb #RSAC2026 #CyberSecurity #OpenSource

The axios attack highlights a gap that scanners alone can't bridge. When a hijacked credential pushes a RAT directly to a registry, the code has no provenance and no history. We need to pair our detection with immutable, built-from-source open source software to stay ahead. Full story: activestate.com/blog/axios-npm…

ActiveState Employee Spotlight: We’re proud to highlight Jonny Rivera, our Director of Product, who brings a collaborative and customer-focused approach to the ActiveState team. Jonny plays a key role in listening to our users to help define the features that will make the most impact in the year ahead. By partnering across the organization to turn ideas into reality, Jonny ensures we deliver solutions in the order that benefits our clients most. Join us in celebrating Jonny! #EmployeeSpotlight #TeamActiveState #OpenSourceSecurity #Leadership #TechCommunity

Is your software built on a fragile foundation? ActiveState CEO Abby Kearns breaks down why the weakest link in your pipeline is the 1K+ open source dependencies pulled from the internet daily. “The software supply chain is a community effort, and it requires a fundamental shift in mindset.” - Abby Kearns Read her full thoughts: buff.ly/umH0RSs #CISO #InfoSec #SoftwareSupplyChain #ActiveState

Don’t let the security-velocity gap slow your innovation. When AI accelerates your development cycles, smart security ensures your foundation remains rock solid. As the article notes: The goal is a world where a developer can get a secure, reproducible, known-good environment in minutes. Read why the AI shift is a win for proactive security: buff.ly/skW7pvO #DevSecOps #OpenSource #SoftwareEngineering #ActiveState

Stop confusing "detection" with "protection." 🛑 If you’re pulling open source from the public internet and relying solely on a scanner, you’re operating behind the curve. @ActiveState’s Jonny Rivera explains why scanners ≠ proactive security. Watch the full interview: buff.ly/TiIYTHz For the security pros: If your scanner flags a vulnerability after the package has been integrated, the breach window is already open. Are you actually secure, or are you just documenting your exposure? #CyberSecurity #OpenSource #SoftwareSupplyChain #ActiveState

AI is the ultimate force multiplier for your development team. To keep that momentum, security must move at the same speed. Sophisticated security provides the competitive edge that allows organizations to move faster and build bigger without the drag of manual audits. Explore the turning point for enterprise risk: buff.ly/skW7pvO #AI #TechStrategy #CISO

Open source is under attack. 🛡️💻 The TeamPCP breach proved that Scan and Pray is a failing strategy, and attackers are poisoning the tools we trust most. Don’t let your security posture be defined by the next CVE. Read more: buff.ly/tnW6xjn #CyberSecurity #OpenSource #DevOps #LiteLLM #AppSec #ActiveState

What does it take to lead security in a digital first world? Abby Kearns argues that the most successful CISOs are those who can bridge the gap between technical reality and business goals. “The goal of security is not to eliminate risk, but to enable the business to take the right risks” says Kearns. Check out her full take here: buff.ly/KpTCkhG #InfoSec #SecurityStrategy #CISO #TechLeadership

The open source paradox is here: 96% of enterprise apps rely on code that organizations do not fully control. ActiveState CEO Abby Kearns explains why sophisticated security is the only way to scale AI-accelerated development safely. Smart security serves as the ultimate catalyst for innovation and sustainable growth. Read more: buff.ly/umH0RSs #CyberSecurity #OpenSource #AI #TechLeadership

If we have learned one thing in twenty years, it is that you cannot secure a software supply chain with incomplete coverage of your stack. Chainguard moving into dependencies confirms the container was never the primary risk, but for the enterprise, the challenge is achieving full coverage without losing velocity. To manage and secure open source software effectively, you need provenance across a multi language stack. We compared our Curated Catalog against this new offering to help you see which provides the immutable foundation your production environment requires. Read the full breakdown: buff.ly/YHW7KcB

The modern CISO needs to be as fluent in business strategy as they are in threat vectors. ActiveState CEO, Abby Kearns, breaks down the shift from technical oversight to strategic business enablement. As Kearns puts it, “We are currently seeing a perfect storm of risk.” Read her full article to see what she thinks should be done about it. Full article: buff.ly/KpTCkhG #CISO #CyberSecurity #TechStrategy

Stop pulling unverified packages from the open internet and hoping for the best. 🕸️ 📉 Hope is not a security strategy. Discover how the world's largest secure OSS catalog is replacing the chaos of the public web with a rock solid DevSecOps pipeline. 🦾 Get the blueprint: buff.ly/rTt8FLD #InfoSec #SupplyChain #DevOps