Latka logo

Top 53 Vulnerability Management Software SaaS Companies in May 2026

As of May 2026, there are 53 SaaS companies in Vulnerability Management Software. They have combined revenues of $852.2M and employ 6.6K people. They have raised $912.5M and serve 800 customers combined.

Vulnerability Management Software refers to tools and processes that help organizations identify, evaluate, and mitigate security vulnerabilities in their IT infrastructure. These solutions are essential for maintaining cybersecurity by regularly scanning networks, applications, and systems for potential risks and weaknesses. Typical use cases include continuous monitoring of networks for security flaws, prioritizing vulnerabilities based on risk, and facilitating the remediation of issues through automated patch management or reporting workflows. Key features often found in Vulnerability Management Software include automated scanning, assessment and prioritization of vulnerabilities, detailed reporting capabilities, and integration with other security tools such as patch management systems. Common buyer personas for such software include IT security teams, DevOps professionals, and compliance officers, who require reliable methods to secure their environments and ensure compliance with regulatory standards, thereby fostering a proactive security posture.

Companies
53
Revenue
$852.2M
Funding
$912.5M
Employees
6.6K

Filters

Sorting: Highest -> Lowest

Filters
Revenue
All<$1M$1M-$5M$5M-$10M$10M-$100M$100M+
Funding (Locked)Growth (Locked)Team-Size (Locked)

Top Vulnerability Management Software Companies

Showing 10 of 53 companies ranked by annual revenue.

1
Bugcrowd

San Francisco, California, United States

Operator of a crowd-sourced security platform intended to help organizations with a customized security testing program to bolster their security posture. The company's platform offers cost-effective and security testing programs to manage bug bounty, vulnerability disclosure and next-gen pen test programs, enabling clients to commission a customized security testing program that fits their specific requirements.

Revenue
$328.2M
Customers
-
Year founded
2012
Funding
$78.7M
Team size
2.8K
Growth
72.9%
2
Onapsis

Boston, Massachusetts, United States

Provider of a cyber-security and compliance platform designed to secure business-critical applications. The company's compliance platform includes preventative vulnerability and compliance controls, as well as real-time detection and incident response capabilities to reduce risks affecting critical business processes and data, enabling clients to seamlessly incorporate enterprise applications into existing risk and incident response management programs and automate the monitoring and protection of SAP and Oracle ERP, keeping them compliant and safe from insider and outsider threats.

Revenue
$93.5M
Customers
200
Year founded
2009
Funding
$115.6M
Team size
325
Growth
-
3
Cobalt

Boston, Massachusetts, United States

Pen Testing as a Service (PTaaS) platform

Revenue
$51M
Customers
600
Year founded
2013
Funding
$506.5M
Team size
497
Growth
81.96%
4
Horizon3.ai

San Francisco, California, United States

Horizon3.ai is a cybersecurity company specializing in autonomous penetration testing and vulnerability management. Its flagship platform, NodeZero™, helps enterprises prioritize defensive efforts against actual threats.

Revenue
$50.7M
Customers
-
Year founded
2019
Funding
-
Team size
258
Growth
-
5
YesWeHack

United States

YesWeHack is a leading Bug Bounty and Vulnerability Management Platform. Founded by ethical hackers in 2015, YesWeHack connects organisations worldwide to tens of thousands of ethical hackers, who uncover vulnerabilities in websites, mobile apps, connected devices and digital infrastructure. Bug Bounty programs benefit from in-house triage, personalised support, a customisable model and results-based pricing. Clients include Tencent, Swiss Post, Orange France and the French Ministry of Armed Forces. The YesWeHack platform offers a range of integrated, API-based solutions: Bug Bounty (crowdsourcing vulnerability discovery); Vulnerability Disclosure Policy (creating and managing a secure channel for external vulnerability reporting); Pentest Management (managing pentest reports from all sources); Attack Surface Management (continuously mapping online exposure and detecting attack vectors); and ‘Dojo’ (ethical hacking training). YesWeHack complies with strict security, financial traceability and privacy requirements. YesWeHack’s services are ISO 27001- and ISO 2701-certified and accredited by CREST. YesWeHack’s infrastructure uses EU-based, GDPR-compliant private hosting that meets the most stringent standards: ISO 27001, ISO 27017, ISO 27018, ISO 27701 and SOC II Type 2. The YesWeHack platform is also permanently subject to a public Bug Bounty Program. Find out more at www.yeswehack.com

Revenue
$38.2M
Customers
-
Year founded
2015
Funding
-
Team size
347
Growth
-
6
Black Kite

Boston, Massachusetts, United States

Black Kite provides comprehensive Security-as-a-Service solutions focused on cyber threat intelligence, vulnerability management.

Revenue
$25M
Customers
-
Year founded
2016
Funding
$36M
Team size
127
Growth
101.53%
7
Zafran Security

New York, New York, United States

Developer of a threat exposure management platform designed to integrate with security tools and mitigate risk across the infrastructure. The company offers an agentless approach that reveals and remediates exploitable vulnerabilities, enabling users to reduce manual prioritization.

Revenue
$22.8M
Customers
-
Year founded
2022
Funding
-
Team size
125
Growth
-
8
SafeBreach

Sunnyvale, California, United States

Provider of a cyber-security platform intended to stimulate hacks on companies' systems to help them identify holes. The company's platform constantly runs breach simulations such as brute force and exploits malware on a client's network to theoretically and proactively locate and remediate security issues, enabling users to analyze the impact of attacks on a company's systems and the efficacy of its defenses.

Revenue
$21M
Customers
-
Year founded
2014
Funding
$53M
Team size
135
Growth
116.49%
9
Cyberint, a Check Point Company

United States

Cyberint, the Impactful Intelligence company, reduces risk by helping organizations detect and mitigate external cyber threats before they have an adverse impact. The Cyberint Argos platform’s patented technology provides superior visibility through continuous discovery of the evolving attack surface, combined with the automated collection and analysis of vast quantities of intelligence from across the open, deep and dark web. A team of global military-grade cybersecurity experts work alongside customers to rapidly detect, investigate, and disrupt relevant threats – before they have the chance to develop into major incidents. Global customers, including Fortune 500 leaders across all major market verticals, rely on Cyberint to protect themselves from an array of external risks, including vulnerabilities, misconfigurations, phishing, impersonation attacks, malware infections, exposed credentials, data leaks, fraud, and 3rd party risks.

Revenue
$18M
Customers
-
Year founded
2009
Funding
-
Team size
164
Growth
-
10
BreachLock Inc.

New York, New York, United States

Built by industry leaders, BreachLock enables you to find and fix your next Cyber Breach before it happens.

Revenue
$17.3M
Customers
-
Year founded
2018
Funding
$3.1M
Team size
122
Growth
83.17%

Inclusion Criteria

- The software must provide automated scanning capabilities for identifying vulnerabilities. - It should include features for assessing and prioritizing vulnerabilities based on risk. - Must offer integrated patch management or remediation workflows. - Should facilitate detailed reporting on vulnerabilities and remediation state. - Designed to support continuous monitoring of networks and systems. - Not simply vulnerability scanning; must also include assessment and remediation features.