By Dan Cornell
I'll be in Phoenix next week on Tuesday, February 5th, 2013, speaking to the Phoenix OWASP chapter about ThreadFix.
Title: Using ThreadFix to Manage Application Vulnerabilities
ThreadFix is an open source software vulnerability aggregation and management system that reduces the time it takes to fix software vulnerabilities. It imports the results from dynamic, static and manual testing to provide a centralized view of software security defects across development teams and applications. The system allows organizations to correlate testing results and streamline software remediation efforts by simplifying feeds to software issue trackers. This presentation will walk through the major functionality in ThreadFix and describe several common use cases such as merging the results of multiple open source and commercial scanning tools and services. It will also demonstrate how ThreadFix can be used to track the results of scanning over time and gauge the effectiveness of different scanning techniques and technologies. Finally, it will provide examples of how tracking assurance activities across an organization’s application portfolio can help the organization optimize remediation activities to best address risks associated with vulnerable software.
The meeting will be held from 6:30 - 7:30pm at the University of Advancing Technology, 2625 W. BASELINE RD. TEMPE, AZ 85283-1056. For more information, check out the main OWASP Phoenix site.
dan _at_ denimgroup.com