In November of 2025, ServiceNow unveiled a big change that is coming to the Vulnerability Response ecosystem. The change rearchitects the Vulnerability Response application to combine the configurations for Vulnerability Response (VR), Application Vulnerability Response (AVR), and Container Vulnerability Response (CVR) under a single umbrella, which ServiceNow is calling Unified Security Exposure Management (USEM).
The USEM upgrade of VR (v.30) is already available for customers to use and, according to ServiceNow, will become mandatory for all customers by the end of 2026. This is the single greatest change to the application architecture since VR was released, and every customer should pay careful attention to it, because shifting over to the new feature set requires migration steps.
This article is the first part in a series on the USEM upgrade. In it, we will talk about the "why" behind the USEM upgrade and what it means for the enterprise customer. Let's dive in further.
Why is ServiceNow even releasing USEM?
There are two primary reasons why the USEM upgrade is being released:
- Consolidating configurations for VR/AVR/CVR under a single architectural umbrella
- Providing a visibility framework for enterprise vulnerabilities across infrastructure, app, and cloud
We are going to talk about each item in greater detail below.
Reason #1: Consolidating VR/AVR/CVR under a single umbrella
If you have some familiarity with VR/AVR/CVR, then you have probably seen that the applications share a set of capabilities for creating and managing vulnerabilities. For example, all three applications contain some version of the following capabilities:
- Assignment Rules — which govern how vulnerabilities are assigned
- Risk Score Calculator — functionality that defines how vulnerabilities receive their risk score and risk ratings
- Exception Management — processes that determine how exceptions are generated and approved
- And more across each application
This architectural model works well enough, but one distinct characteristic of how it currently operates is that these configurations are largely tracked separately, which can make vulnerability management posture harder to understand at an enterprise level.
When a vulnerability manager goes to check their Assignment Rules for Vulnerability Response, they will only see the configurations for VR and none of the other applications.
There is no single place where a power user can easily see and configure all assignment rules across all of the VR/AVR/CVR applications. This is the opportunity that ServiceNow is looking to unlock. After upgrading to USEM, in many cases these configuration areas will be moved into shared domains that will allow admins to compare processes across the different applications.
Reason #2: Unified visibility across infra, app, and cloud
Currently within the VR/AVR/CVR space, there is no way to combine the vulnerability data from all three applications into a single dashboard that allows for deep understanding of vulnerabilities across the three separate domains. ServiceNow is looking to close this gap with USEM.
The new workspace that comes with the USEM upgrade is called the Unified Security Exposure Management Workspace. It lets users run reports across all vulnerability data (VR/AVR/CVR), giving enterprise vulnerability managers insight across the infrastructure, app, and cloud domains in a single unified data visualization capability.
Where to from here?
In conclusion, ServiceNow is releasing the USEM upgrade to make it easier to manage the configurations that govern the workflow behind the VR/AVR/CVR applications, and to give a consolidated view of enterprise exposure through data visualization and workspaces. Understanding USEM is the first step in preparing for a successful enterprise migration.