Is a classic ASP application a security vulnerability for our environment?

If so, in what ways?

Is ASP still maintained for security vulnerabilities?