惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Hacker News: Ask HN
Hacker News: Ask HN
WordPress大学
WordPress大学
T
The Blog of Author Tim Ferriss
The GitHub Blog
The GitHub Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
博客园 - 聂微东
A
About on SuperTechFans
Stack Overflow Blog
Stack Overflow Blog
雷峰网
雷峰网
Microsoft Azure Blog
Microsoft Azure Blog
腾讯CDC
爱范儿
爱范儿
酷 壳 – CoolShell
酷 壳 – CoolShell
博客园 - 【当耐特】
V
Visual Studio Blog
有赞技术团队
有赞技术团队
U
Unit 42
D
Docker
小众软件
小众软件
F
Full Disclosure
I
Intezer
Scott Helme
Scott Helme
P
Privacy International News Feed
P
Proofpoint News Feed
Engineering at Meta
Engineering at Meta
Google DeepMind News
Google DeepMind News
B
Blog
Martin Fowler
Martin Fowler
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Vercel News
Vercel News
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Spread Privacy
Spread Privacy
宝玉的分享
宝玉的分享
S
Security Affairs
www.infosecurity-magazine.com
www.infosecurity-magazine.com
月光博客
月光博客
C
Cisco Blogs
云风的 BLOG
云风的 BLOG
Schneier on Security
Schneier on Security
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
T
Threat Research - Cisco Blogs
量子位
Hacker News - Newest:
Hacker News - Newest: "LLM"
H
Heimdal Security Blog
N
Netflix TechBlog - Medium
H
Hacker News: Front Page
P
Proofpoint News Feed
G
GRAHAM CLULEY
V
Vulnerabilities – Threatpost
S
Schneier on Security

VMware Blogs

Diagnostics for VMware Cloud Foundation (VCF) 9.1 with Old Versions of VCF Components Mastering Infrastructure Policies in VMware Cloud Foundation Automation 9.1 Modernizing the Private Cloud: Why VCF 9.1 Lifecycle Management is a Game Changer Announcing the VMware Cloud Foundation 9.1 Upgrade Planning Tool VCF Breakroom Chats Episode 86 – Containers Made Easy: The New “Container-as-a-Service” in VCF 9.1 Securing Your VCF 9.1 Infrastructure with the Symantec Identity Security Platform Virtually Speaking: The AI Reality Check with Dave Linthicum Zero Touch Provisioning: Activating Edge Sites with VMware Cloud Foundation Edge 9.1 VCF Breakroom Chats Episode 85 – Cloning Success at Scale: Inside VCF 9.1’s App Stack Formation VMware Cloud on AWS の使用状況を確認できる API Unlocking the Full Potential of Programmable Infrastructure with VMware Cloud Foundation 9.1 – New Features and Capabilities Encrypted vMotion Offload to Intel QAT in VMware Cloud Foundation 9.1 Deepen Your Expertise: Four Key Benefits of Attending Increase Deployment Flexibility with VCF Edge Automation 1.0.3 Avi Advantage: Automating Certificate Management of VCF Workloads More Memory, Less Effort: Configuring Memory Tiering in VCF 9.1 VCF 9.1 Licensing: Programmatic, Centralized, and Built to Scale Why APJ Networking Professionals Need Private Cloud Expertise VCF 9.1 Networking: Simpler VPC Connectivity Control VCF 9.1 Networking: Exploring Network Services for Virtual Private Clouds VCF Networking 9.1: Seamless DDI Integration with Infoblox The Open Source Advantage: Building from Source for Ultimate Security Expand Shared VMDKs with Clustered Applications in VMware vSAN for VCF 9.1 Monetizing Zero-Trust Security with VCF 9.1 and VMware vDefend VMware vSAN Protection and Recovery Enhancements for VCF 9.1 Deliver Production SQL Server DBaaS with VMware Data Services Manager 9.1 Maximizing Profitability: VCF 9.1 Cost-Focused Approach for VMware Cloud Service Providers Modernizing Your Infrastructure: Introducing VMware Cloud Foundation 9.1 to VCSPs VCF 9.1 is Available: Explore the New Features in Hands-on Labs What’s New with vSphere in VMware Cloud Foundation 9.1? Resizing VMware vCenter in VMware Cloud Foundation 9 Non-Disruptive VMware vCenter Patching in VMware Cloud Foundation 9.1 VMware vCenter Virtual Hardware Gets an Upgrade in vSphere with VCF 9.1 AI Has Changed the Threat Landscape. Is Your Infrastructure Ready? Simplifying Storage with the New Effective Capacity View in VMware vSAN for VCF 9.1 Auto-RAID in VMware vSAN for VCF 9.1 – Comprehensive System-Managed Data Resilience Introducing VMmark 4.1: Enhanced Power Efficiency Benchmarking for Private Cloud Infrastructure Advanced Memory Tiering Enhancements in VMware Cloud Foundation 9.1 VCF 9.1 Is Here. See It in Action. 博通發布 VMware Cloud Foundation 9.1 How Broadcom Is Helping Enterprises Win the AI Security Sprint How to Prepare for the World of AI Driven Exploits Avi Innovations for VCF 9.1: Powering Kubernetes, Agentic AI and VPC Workloads VCF 9.1: The Secure, Cost-Effective Private Cloud Platform for Production AI Announcing VCF 9.1: Modern Private Cloud Built for Efficiency and Resilience Announcing VMware Cloud Foundation Edge 9.1: A Scalable, Autonomous Edge Platform Accelerate, Streamline, and Control Your Self-Service Private Cloud with VMware Cloud Foundation 9.1 Deploy Modern Apps Faster, Scale Smarter, and Lower Your TCO with VMware vSphere Kubernetes Service in VCF 9.1 Scale Smarter, Save More: Redefining Infrastructure Economics with VMware vSphere in VCF 9.1 AI with VCF 9.1 on AMD GPUs: Build with open frameworks and simplify management, at a lower TCO Streamline, Simplify and Protect all your AI workloads with VCF 9.1 Simplify Workload Connectivity and Enhance Network Scale and Performance with VCF 9.1 VMware and CrowdStrike Deliver New Integration for Cyber Recovery Workflows How Many Users Can Your LLM Server Really Handle? From Infrastructure to Agents: A Hands-On Guide to Secure Private AI with Broadcom – Part 2 The New Frontier: Leading the Cloud-Native Evolution Replicating VMware vSphere Configuration Profile Desired State Webinar Recap: Design and Architecture Considerations for VMware vSphere Kubernetes Service on VMware Cloud Foundation Kubernetes 1.36: What Actually Changed for Enterprise Platforms Enhance Lateral Security and Ingress Load Balancing for Kubernetes Workloads Avi Load Balancer Analytics: Root Cause Application Performance Issues in Minutes Analyst Insight Series #3: Policy-Driven Governance and Multi-Tenant Control Post-Quantum Readiness on VMware Cloud Foundation Registration Is Live for Las Vegas | $ave with Early-Bird May 21, 2026: What’s New in VMware Tanzu Data Intelligence 10.4 From Infrastructure to Agents: A Hands-On Guide to Secure Private AI with Broadcom – Part 1 Stop Guessing: Advanced Monitoring and Troubleshooting for Data Services CPU, Disk, Network, and Memory Workload Profiles for DVD Store Database Testing How VMware Salt Automates Compliance Across Private Cloud Analyst Insight Series #2: Operational Scalability and Lifecycle Management MCP vs. APIs: Why You Need Both for AI Applications The Real Constraint on Enterprise AI isn’t GPUs; It’s Power Deploying Harbor Service in Air-Gapped VMware Cloud Foundation 9.0 Why Enhanced DirectPath Wins for High-Performance Apps Bridging the (.Local) Gap: A Split-Domain Design for VMware Cloud Foundation Deployment Observability on VMware vSphere Kubernetes Service VMware Cloud on AWS: Introducing the Usage Report APIs Converging VMware vSphere to VMware Cloud Foundation 9.0: The Top 10 Questions Answered May 6, 2026: What’s New in Tanzu Platform 10.4: Powering Agentic Apps at Scale VMware Tanzu RabbitMQ Powers the Modern Data Lakehouse with New Spark Integration and Enterprise Tooling Tanzu Data Intelligence 10.4 Delivers AI-Driven Analytics, Unified Real-Time Operations, and Sovereign Resilience Enterprise-Ready Agents Made Simple & Safe with VMware Tanzu Platform Agent Foundations Introducing Tanzu Platform 10.4: Extending Platform as a Service to Agentic Applications How AI-Assisted Analytics in Tanzu Data Intelligence Can Help Remove the SQL Bottleneck From Prototype to Production: Securing Database MCP at Enterprise Scale The Compelling Case for a Private Cloud Data Intelligence Platform The Unification Dividend: Consolidating Database Operations on VMware Cloud Foundation The Modern Spring Workflow Is Enterprise-Ready and AI-Boosted [TAM Blog] セキュアブート証明書の有効期限切れに関する注意点と対応について Accelerate Lateral Security and Ingress Load Balancing for Kubernetes Workloads From Platform to Data: Building a Cloud-Native Developer Experience On-Prem with VMware Cloud Foundation How VMware Cloud Foundation (VCF) Training Helps Keep Top Tech Talent in APJ Build Your Case for Attending VMware Explore 2026 Spring 開発元が提供する商用サポート「VMware Tanzu® Spring Essentials」とは VMware Cloud on AWS より i7i.metal-24xl インスタンスの提供開始 VMware Advanced Memory Tiering Tips for Success VMware Cloud Foundation Edge 9.0: Two-Host Edge Site Deployment with Brownfield Import Your Database Is About to Become an AI Tool. Is It Ready? Applying GitOps Principles to Maintain Desired State Configuration using VMware vSphere Configuration Profile – Part 3 Webinar Recap: Converging VMware vSphere to VMware Cloud Foundation 9.0
Smarter Patching at Scale: Vulnerability Assessment and Remediation with VMware Tanzu Platform
Darin Zook · 2026-05-23 · via VMware Blogs

The security landscape just shifted under our feet – again. Over the last 18 months, AI-assisted vulnerability discovery has compressed the timeline from novel CVE published to weaponized exploit in the wild from weeks down to hours. Researchers (and bad actors) are now using LLMs to chain together previously unrelated weaknesses into novel zero-day attack paths. The volume of disclosed vulnerabilities keeps climbing, and the half-life of “unpatched, but probably fine” is collapsing.

For platform engineers, this means the old rhythm of quarterly patch windows, hand-rolled CVE spreadsheets and “we’ll get to it after the next release,” is no longer a defensible posture. The only durable answer is the boring one: Rapidly apply first-party, vendor-supplied, vendor-supported security fixes across the entire estate before the chained exploit lands in your environment.

The problem isn’t whether to patch. It’s knowing what to patch, where it lives, and how to quickly roll it out without disrupting the business. With VMware Tanzu Platform 10.4, this can all be done across your entire Tanzu Platform foundation fleet, in a single workflow.

Figure 1: The Tanzu Platform vulnerability insights dashboard in Tanzu Hub delivers fleet-wide visibility of vulnerability exposure within your Tanzu Platform application estate.

The DIY tax on patching, revisited

I wrote last year about the daunting questions platform engineers faced when a critical CVE drops in a DIY environment. Where did it come from? Which of our components are affected? Which applications are at risk? How do we fix it without breaking everything? Those questions haven’t gone away. What’s changed is the clock. When attackers can use AI to enumerate exposed surface area at scale and chain low severity CVEs into high severity exploits, “we’ll triage at that next sprint” stops being a viable strategy. 

Using traditional, third-party vulnerability scanners to detect vulnerabilities across your Tanzu Platform environments give you a wall of CVEs without telling you which buildpack, stemcell or tile is the actual source or which applications need restaging to pick up a fix. Platform engineers end up having to reverse engineer the relationship between the published CVE and their own running estate. That manual correlation work is exactly where days (or even weeks) get burned. That’s time wasted, and time you don’t have. 

Assess first, then act

The first step toward a strong posture isn’t patching; it’s knowing what you have, whether it’s vulnerable, supported, or end of life. You can’t fix what you can’t see. 

With Tanzu Platform, Tanzu Hub gives you these details and helps you act on them. Deploy Tanzu Hub and connect it to your existing foundations, and within minutes it begins reporting the full posture of every Tanzu Platform-managed component across the estate: Buildpacks, stemcells, stacks, services, images, first-party tiles and foundation management artifacts. No scanners running inside your foundations. No agents to deploy on workloads. Tanzu Platform’s vulnerability insights dashboard enables you to see:

  • Exact component attribution: Not “something in x VM is vulnerable” but instead “this version of this buildpack, used by these 47 apps, has this CVE.”
  • Application-to-component relationships: When a new buildpack version drops, you know precisely which apps need to be restaged to pick it up, and enables you to restage those apps in bulk.
  • In-context triage: Tanzu’s in-house analysis augments raw CVE feeds with CycloneDX statuses like Affected, Fix Available, or Not Affected: Code not reachable, so you’re not chasing phantom criticals. 
  • Support status: Which versions are approaching the end of general support, so you can plan ahead instead of getting surprised.

If you’ve ever spent a Friday night grepping CycloneDX SBOMs trying to determine whether Log4j is hiding in your environment, this is the dashboard you wanted. 

Figure 2: A screenshot shows vulnerability impacts to a binary_buildpack version that currently affects 3 running applications. Using the Tanzu Platform vulnerability insights dashboard, a platform engineer can understand the applications impacted, severity, triage status, and if an upgrade version is available containing the fix. 

And for regulated, air-gapped, or otherwise internet-restricted environments (financial services, public sector, defense, etc), Tanzu Hub supports updating vulnerability data without an outbound internet connection, so the same visibility applies whether your foundation sits in a public cloud region or fully air-gapped. 

From assessment to action: Upgrade planner

Knowing what to patch is half the win. The other half is sequencing fleet-wide rollout that respects compatibility, EOGS dates, and the realities of your change windows. That’s where vulnerability insights and upgrade planner come together, and in Tanzu Platform 10.4, the integration is where the value really compounds. 

From the vulnerability insights dashboard in Tanzu Hub, a platform engineer can click “View Remediations,” pick a target foundation, and see in real-time (against the actually-installed versions) exactly how many components have available remediations, what percentage of CVEs an upgrade will address, and how much of the foundation that it touches. One more click, opens Upgrade Planner with that foundation pre-populated, the latest patch goal preselected, and a generated plan that includes:

  • Upgrade paths that ensure compatibility with Foundation Core and other product dependencies.
  • End of General Support (EOGS) dates for current and target versions.
  • The number of CVEs each upgrade resolves.
  • A phased sequence that maintains compatibility across all products in scope.

Want a Long Term Support-based plan instead of the latest Tanzu Platform patch? Toggle the upgrade goal. Want to validate against a refreshed read of the foundation? Click Regenerate Plan. Want to hand it to your change advisory board? Export it. 

Figure 3: New upgrade planner integration in Tanzu Hub provides upgrade paths that ensure compatibility with Foundation core and product dependencies, EOGS dates, CVE resolution, and more. 

And in Tanzu Platform 10.4, the platform expands what’s possible without a full control plane upgrade. Stack and Buildpack upgrades can now be applied independently, and tile upgrades can now run in parallel. Translation: The path between “a critical CVE was disclosed this morning” and “the patched Buildpack is running across the fleet” is shorter than it’s ever been. 

A note for developers: Platform engineers aren’t the only ones who benefit. Tanzu Platform 10.4 also introduces a tailored app-first view in Tanzu Hub that surfaces the same vulnerability data (Tanzu Buildpack CVEs, Spring Library compliance, runtime stack status) alongside the app’s operational health. When a fix lands and an app needs to pick it up, developers can resolve it with a single “Restage” button. No application code changes required. Shared data, two audiences, one source of truth. 

Why now: The AI-driven security sprint

The reason this matters in 2026 is that AI is not just helping defenders; it’s helping attackers, and faster. The Tanzu Division’s General Manager, Purnima Padmanabhan, recently framed this in a recent article, and the dynamics are worth naming plainly:

  • Vulnerability discovery is accelerating because automated reasoning systems can audit codebases at a scale no human team can match. 
  • Exploit development is accelerating because the same systems can chain low-severity flaws into high-impact zero-day vulnerabilities. 
  • Patch windows have to shrink to match. 

The defensive answer isn’t a new scanner or another dashboard bolted onto the side of the SDLC. It’s a platform where assessment, remediation planning, and rollout are the same pre-engineered workflow, and driven by vendor-supplied fixes that come with vendor support behind them. That’s the entire point of a pre-engineered platform: The undifferentiated heavy lifting of staying secure is built in, not built by you.

This is also where the “Three R’s” we’ve talked about – Repave, Repair, and Rotate – stop being a concept, and become a daily operational reality. Tanzu Hub gives platform engineers the visibility and the emergency button to bulk restage all affected applications to remediate a critical vulnerability. When the next major CVE drops, you don’t need to discover where it lives, hand-build the upgrade matrix, and pray the rollout doesn’t break anything. You see it, you plan it, you ship it. 

The bottom line

A strong security posture in the AI era isn’t a matter of working harder on patches. It’s a matter of compressing the loop between detect, assess, plan, patch until it’s tight enough that an AI-assisted exploit can’t outrun your remediation cycle. 

Tanzu Hub is how you compress that loop. Connect your foundations, get a real-time read on the security posture of every Tanzu-managed component, and turn any one of those findings into a generated, compatibility-safe upgrade plan in just a few clicks. 

Read the blog: Learn how Tanzu Platform 10.4 extends the simplicity of a private cloud PaaS into the Agentic Era.

Watch the webinar: What’s New in Tanzu Platform 10.4 replay on demand.

Explore Tanzu Hub further: Dive into our deep-dive blog series to learn how Tanzu Hub unifies multi-foundation operations, optimizes workload placement, and provides visual, app-to-infra observability across your entire fleet.