Tenable has expanded its Tenable One Publicity Administration Platform to incorporate utility safety threat information, bringing utility safety findings into its wider publicity administration system.
The replace is meant to unify utility safety threat with different types of publicity information, permitting safety groups to evaluate software program flaws alongside infrastructure, cloud, identification and operational expertise dangers.
The platform now integrates static code vulnerability information and hyperlinks these findings with runtime programs and broader enterprise context. Tenable mentioned this offers organisations visibility from code improvement by way of to manufacturing environments, serving to groups establish which points pose an instantaneous enterprise threat.
The transfer displays a longstanding downside for safety and improvement groups: susceptible code can attain manufacturing earlier than it’s correctly reviewed. Tenable argued that the rising use of generative AI in software program improvement has added to that stress by growing the tempo of code releases whereas elevating the quantity of potential defects.
In lots of organisations, utility safety groups use separate instruments that don’t join software program flaws with the programs these flaws might have an effect on. That separation could make it tougher to find out whether or not a code difficulty has sensible penalties for a enterprise, significantly when safety groups should weigh utility flaws towards cloud misconfigurations, endpoint points and identification exposures.
Broader view
In keeping with Tenable, the platform ingests, analyses and normalises information from utility improvement and safety sources, together with AI utility safety instruments corresponding to Claude Safety. It additionally combines that info with telemetry from Tenable merchandise and information from different safety instruments, together with endpoint safety, cloud safety, vulnerability administration and operational expertise safety programs.
Enterprise context from repositories corresponding to configuration administration databases can be integrated. This permits safety groups to tie technical findings to particular belongings, programs and assault paths, and to evaluate which dangers must be addressed first.
The growth marks a push by Tenable to place publicity administration as a method to carry collectively safety information that has typically been dealt with in separate workflows. Moderately than treating utility safety as an remoted self-discipline, the corporate is framing software program flaws as one a part of a broader enterprise threat image.
That method is turning into extra essential as safety groups face rising volumes of alerts and vulnerabilities throughout completely different environments. A code weak point might not be equally pressing in each case, and its precedence can rely upon the place the affected utility sits, what information it touches and whether or not attackers have a sensible route to take advantage of it.
AI stress
Tenable linked the replace to a broader shift in software program improvement, during which AI-assisted coding instruments are serving to builders produce and launch software program extra rapidly. The corporate cited analysis from the Cloud Safety Alliance, which mentioned generative AI might help builders ship code three to 4 occasions sooner whereas doubtlessly introducing flaws at a a lot larger charge.
That pattern has put stress on safety groups to maneuver past reviewing utility points in isolation. If code is written and deployed extra quickly, the worth of prioritising solely by severity rating can diminish, significantly when groups have to know whether or not a flaw is uncovered in a dwell surroundings or related to a important enterprise system.
Software safety information integrations are actually out there to all Tenable One clients. Tenable mentioned the replace is meant to maneuver clients from reactive utility scanning in direction of a mannequin that prioritises threat primarily based on the seemingly impact of a vulnerability throughout the broader assault floor.
Eric Doerr, chief product officer at Tenable, outlined the rationale for the growth in a press release accompanying the announcement.
“Bringing utility safety information into Tenable One, we’re giving our clients the context they have been lacking,” Doerr mentioned.
“Safety groups need not wade by way of a sea of vulnerabilities. With Tenable One, safety groups know precisely the place they’re uncovered the second an publicity is created, whether or not an agentic AI safety software discovers a brand new zero-day in an open-source library or human error introduces threat. For the primary time, safety groups can see code flaws and prioritise remediation actions alongside all different types of threat for simpler threat discount,” he added.









