Rethinking Post-Deployment Vulnerability Detection

Join us in Minnesota on May 21, 2026 for OpenSSF Community Day!

By Tracy Ragan

Over the past decade, the IT community has made significant progress in improving pre-deployment vulnerability detection. Static analysis, Software Composition Analysis (SCA), container scanning, and dependency analysis are now standard components of modern CI/CD pipelines. These tools help developers identify vulnerable libraries and insecure code before software is released.

However, security does not end at build time.

Every successful software attack ultimately exploits a vulnerability that exists in a running system. Attackers can and do target code repositories, CI pipelines, and developer environments; these supply chain attacks are serious threats. But vulnerabilities running in live production systems are among the most dangerous because, once exploited, they can directly lead to persistent backdoors, system compromise, lateral movement, and data breaches.

Rethinking Post-Deployment Vulnerability Detection | OpenSSF

Related reading

Vulnerability Management: Using Runtime Context | OpenSSF

Secure Your Spot: The OpenSSF Community Day North America 2026 Agenda is Live!…

[Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud

Introducing deepsec: The security harness for finding vulnerabilities in your…

Using continuous purple teaming to protect fast-paced enterprise environments

OpenAI Introduces Daybreak: A Cybersecurity Initiative That Puts Codex Security…