Tenable One Integrates Code-Level Risks into Exposure Management
Tenable's Exposure Management Platform now unifies application security risks with enterprise-wide exposure data, offering code-to-runtime visibility.

Tenable has announced a significant expansion of its Tenable One Exposure Management Platform, integrating application security risks directly with broader enterprise exposure data. This enhancement aims to provide a holistic view of an organization's attack surface by incorporating static code vulnerability data, thereby bridging the gap between code development and runtime operations.
The move addresses a persistent challenge in the cybersecurity landscape: the rapid deployment of vulnerable code into production environments. This issue is reportedly exacerbated by the increasing use of generative AI tools, which can accelerate development cycles significantly but also introduce flaws at an accelerated rate. Traditional security approaches often rely on siloed solutions for application security and infrastructure, leading to a lack of contextual intelligence needed to assess the true risk posed by code vulnerabilities.
To combat this, Tenable One now ingests and analyzes data from a wide array of application development and security sources, including AI-powered security tools. The platform unifies this telemetry with data from other security domains such as endpoint protection, cloud security, vulnerability management, and operational technology. Crucially, it also integrates vital business context from sources like configuration management databases (CMDBs), enabling a more comprehensive understanding of enterprise risk and facilitating faster remediation prioritization.
This expansion shifts the paradigm from reactive application scanning to proactive risk management. By connecting code-level risks to the specific runtime systems, cloud workloads, identities, and potential attack paths they impact, Tenable One provides security teams with actionable insights. The goal is to move beyond simply identifying vulnerabilities to understanding their real-world business implications.
Eric Doerr, Chief Product Officer at Tenable, highlighted the platform's ability to provide missing context. "Security teams don’t need to wade through a sea of vulnerabilities," Doerr stated. "With Tenable One, security teams know exactly where they are exposed the moment an exposure is created – whether an agentic AI security tool discovers a new zero-day in an open-source library or a human error introduces risk."
Doerr further emphasized the platform's capability to consolidate diverse risk information. "For the first time, security teams can see code flaws and prioritize remediation actions alongside all other forms of risk for more effective risk reduction," he concluded. This unified approach aims to streamline security operations and improve the overall posture of organizations navigating increasingly complex digital environments.
The integration of code security into a broader exposure management strategy is particularly relevant in an era where development speeds are increasing, and the attack surface is constantly expanding. By providing a unified view from code to cloud, Tenable One seeks to empower organizations to better manage their evolving risk landscape.