Now product security teams can track CVE impact, manage advisories, and publish disclosures from a single platform, without the manual triage and guesswork that define legacy PSIRT workflows.
Austin TX, April 30, 2026 — DefectDojo, the leading open-source vulnerability management and security orchestration platform, today announced the launch of the PSIRT Advisory Engine (PAE), the first purpose-built platform designed specifically for Product Security Incident Response Teams. The new capability enables security teams to automatically ingest, match, prioritize security advisory feeds at scale, eliminating the manual, error-prone workflows that have defined PSIRT operations for years.
Until recently, PSIRT teams existed primarily within the largest technology companies, a market too niche for purpose-built tooling. That's changed. Regulations including the EU Cyber Resilience Act (CRA), FDA cybersecurity guidance for medical devices, ISO 21434 for automotive, and NIS2 are now mandating PSIRT capabilities across industries that never previously required them. More than 10,000 organizations are projected to need formal PSIRT infrastructure by 2028.
Security advisories are published around the clock from dozens of sources including CISA, NVD, RedHat, Exploit-DB, vendor RSS feeds, and more. For the small, specialized teams responsible for determining which of those advisories actually affect their organization's products, keeping up has historically meant checking RSS feeds every morning, maintaining spreadsheets with thousands of rows, and spending 30–60 minutes manually analyzing each advisory just to answer the most basic question: Are we impacted?
The PSIRT Advisory Engine redefines what is possible in Product Security Incident Response
"PSIRT teams are some of the most skilled practitioners in product security and they've been tasked with the impossible, the tedious, and the painful, until now," said Greg Anderson, DefectDojo CEO. "The PSIRT Advisory Engine gives them back their time and their focus. Now they can respond to incidents instead of hunting for them."
From Manual to Automated in Every Step of the Advisory Lifecycle
The PSIRT Advisory Engine sits between global advisory feeds and DefectDojo Pro, handling the full advisory lifecycle automatically:
Built for the Teams That Need It Most
The PSIRT Advisory Engine is designed to transform PSIRT for dedicated PSIRT teams and product security engineers across industries including technology, automotive, medical devices, telecommunications, critical infrastructure, defense, financial services, and IoT. For organizations already using DefectDojo Pro, adoption is a natural extension. Advisories flow directly into existing engagements and findings workflows, with status sync and tracking already in place.
For more information or to request a demo, visit www.defectdojo.com
About DefectDojo
DefectDojo is the open-source vulnerability management platform that turns security data into action. Trusted by security teams at organizations of every size, DefectDojo aggregates findings from 200+ tool integrations, automates manual workflows, and delivers AI-powered insights, giving teams a unified view of security posture and the clarity to act at scale. Built by practitioners for practitioners, it's the engine driving DevSecOps from strategy to execution. DefectDojo Pro extends the platform with advanced enterprise capabilities. Learn more at defectdojo.com or follow us on LinkedIn and GitHub.