ActiveState

@activestate
ASPM for Taming Open Source Complexity and securing your software supply chain.
ASPM
Open Source
3SC

ActiveState has sponsored the latest IDC Analyst Brief on open source software governance at scale. What the IDC Analyst Brief found: curated open source catalogs are the only governance model that intervenes at the point where the problem actually starts.

Learn more here: https://buff.ly/MhIARTY

IDC Analyst Brief | Securing Open Source at Scale: How Consumption Complexity Creates Supply Chain Risk

ActiveState commissioned this IDC Analyst Brief to examine how AI coding assistants and open source consumption complexity are outpacing enterprise governance programs, and what security leaders can do about it.


Project Glasswing found a 27-year-old zero-day in OpenBSD. Autonomously.

The finding problem just got solved. The remediation problem just got harder.

Industry average MTTR for a critical CVE: 60+ days. More CVEs, same infrastructure. Do the math.

https://www.activestate.com/blog/project-glasswing-open-source-remediation-infrastructure/?utm_source=linkedin&utm_medium=organic_social&utm_campaign=fy26_q1_curated-catalog

#ProjectGlasswing #OpenSourceSecurity

Securing the container was never the whole answer. The application dependencies inside it were always the risk.

In 2026, that gap has a name and a price tag.

https://www.linkedin.com/pulse/view-from-trenches-why-software-supply-chain-still-liability-7qrme/

#OpenSourceSecurity #SoftwareSupplyChain #CyberSecurity

5 reasons your open source software strategy is a personal liability in 2026.
AI code volume broke the scan-and-pray model. Here's what's left exposed.

https://medium.com/@ActiveState_ASPM/the-five-horsemen-of-the-ai-code-apocalypse-why-your-current-open-source-software-strategy-is-a-78f5b7efe162

#OpenSourceSecurity #SoftwareSupplyChain #CyberSecurity

The Five Horsemen of the AI Code Apocalypse: Why Your Current Open Source Software Strategy is a…

The era of human-scale development is over. In 2026, the velocity of synthetic code generation has turned the software supply chain into a…


AI pulls open source dependencies faster than humans can vet them. The perimeter was never the problem.

The ingredients were.

We broke down where application layer security actually stands in 2026.

https://substack.com/home/post/p-193372464

#OpenSourceSecurity #SoftwareSupplyChain #CyberSecurity

The Illusion of the Clean Perimeter

The modern software development lifecycle is no longer operating at human scale.

The axios attack highlights a gap that scanners alone can't bridge. When a hijacked credential pushes a RAT directly to a registry, the code has no provenance and no history. We need to pair our detection with immutable, built-from-source open source software to stay ahead.

Full story: https://www.activestate.com/blog/axios-npm-breach/

Stop pulling unverified packages from the open internet and hoping for the best. 🕸️ 📉

Hope is not a security strategy. Discover how the world's largest secure OSS catalog is replacing the chaos of the public web with a rock-solid DevSecOps pipeline. 🦾

Get the blueprint: https://medium.com/@ActiveState_ASPM/5-ways-the-worlds-largest-secure-oss-catalog-is-changing-devsecops-forever-df15b35528f8

#InfoSec #SupplyChain #DevOps

5 Ways the World’s Largest Secure OSS Catalog is Changing DevSecOps Forever

Open source powers 96% of modern applications, but for most DevSecOps teams, that power comes with a heavy price: vulnerability fatigue…

96% of your code is open source. If your security strategy is just "hope and scan," you have a $1 trillion blind spot. 📉

We have unified 12+ language ecosystems into one secure golden path. 79 million components. Zero guesswork. High velocity. 🛡️🚀

Own your software supply chain security journey: https://www.linkedin.com/pulse/1-trillion-open-source-blind-spot-why-good-enough-security-6tqvc

#AppSec #OpenSource #TechTrends

Imagine a world where your security backlog actually hits zero. 🎯

It starts by changing how you source open source. Say goodbye to the chaos of the public web and hello to a secure build pipeline that scales with you. 🛡️🦾

Own your code again: https://open.substack.com/pub/activestate1/p/the-end-of-security-debt-why-building

#AppSec #OpenSource #TechTrends

The End of Security Debt: Why Building from Source is the Only Way to Scale

The modern software supply chain is currently functioning on borrowed time.


Empower your teams to build with total confidence from the very first line of open source code. 🛡️

ActiveState Curated Catalogs deliver up to 99% reduction in CVEs by providing vetted components rebuilt in our SLSA Level 3-compliant infrastructure. Accelerate your development with a trusted foundation that eliminates manual triage and noisy scanners and gives you the freedom to innovate at the speed of AI. 🚀

https://www.activestate.com/resources/press-releases/activestate-launches-curated-catalogs-to-neutralize-security-risks-in-ai-generated-code/?utm_source=twitter/x&utm_medium=organic_social&utm_campaign=fy26_q1_curated_catalog

#AppSec #CyberSecurity #ZeroTrust #ActiveState