I wanted to extend a personal thanks to the individuals and organizations who have helped ThreadFix get to this point by providing funding, sending feedback, submitting bugs and otherwise just being a part of the growing ThreadFix community. Hearing from ThreadFix users is thrilling, occasionally humbling and always valuable for us. Feedback is the breakfast of champions, so we really appreciate hearing the good, bad and the ugly.
Denim Group Releases Vulnerability Management Platform ThreadFix 1.1 With More Enterprise-Class Features to Meet Customer Demand
ThreadFix Aggregates Disparate Vulnerability Test Results And Delivers A Prioritized List of Software Defects To The Development Team To Secure Applications Faster & More Easily
SAN ANTONIO, TX – March 25, 2013 - Denim Group, the leading secure software development company, today announced ThreadFix 1.1, an intelligent open-source application management platform that imports test results from a variety of testing tools to present a centralized view of the security status of corporate applications throughout the organization. ThreadFix 1.1 has been upgraded with a variety of enterprise-class capabilities, all sponsored by large organizations eager to adopt this innovative platform into their organization to speed up the securing of their customer-facing and internal applications.
“Large organizations are seeing the value of consolidating duplicate vulnerability information generated by overlapping reports into a centralized dashboard, enabling their teams to release applications into the marketplace that are not only feature-rich but resilient and secure,” said Dan Cornell, Denim Group CTO. “Having access to all the available information about a given vulnerability in one spot improves the communications conduit between the developers and security team to such a level that productivity is increased without sacrificing quality, and that’s a win-win for the whole industry.”
ThreadFix imports dynamic, static and manual testing results into a centralized console that removes duplicate findings across multiple testing platforms to provide a prioritized list of the security vulnerabilities for each corporate application. These results can be quickly exported into defect trackers used by the company’s software developers, injecting these security tasks into their regular workflow. ThreadFix also uses this vulnerability data to automatically generate web application firewall and IDS/IPS rules that ensure sensitive corporate data is protected during the application repair process. Based on alerts from these virtual patch rules, ThreadFix also tracks current attack attempts, enabling the system to provide a real-world view of the criticality of individual vulnerabilities. Finally, ThreadFix provides trending reports, enabling team members as well as management to track and improve productivity over time.
The new version of ThreadFix is now compatible with several sophisticated tools to better fulfill the needs of enterprise-wide application development teams. For example, in addition to the Bugzilla and JIRA bug trackers, ThreadFix’s prioritized and aggregated results can now also be exported into Microsoft Team Foundation Server, the collaboration platform at the core of Microsoft's application lifecycle management used in many enterprises. As a result of this integration, it is much easier to work with both the developers and the security analysts as both teams continue to use tools they already know.
The integration of both the NTOSpider and IBM Security AppScan Enterprise dynamic analysis testing platforms as well as the static analysis IBM Security AppScan Source tool enables ThreadFix to now import testing results from more than 20 software security testing tools and services, making ThreadFix usable to a wider number of organizations.
ThreadFix 1.1 also offers a tighter integration with Lightweight Directory Access Protocol (LDAP) and Microsoft Active Directory (AD) authentication protocols, enabling ThreadFix to be better integrated inside of the enterprise workflow. As a result, ThreadFix users can now be included in the centralized enterprise management system provided by LDAP and AD to manage user accounts. The corporation’s software developers and security experts that use ThreadFix across the enterprise will no longer need to manage multiple user IDs and passwords. The integration also allows access rules to be applied on a “need-to-know” basis to better reflect real-world team roles to further improve the organization’s overall security posture.
ThreadFix also now allows security and development teams to add comments and context to individual vulnerability content, enabling meaningful two-way communications that enhance the quality of remediation efforts. The individualized notes decrease team distractions while improving internal communication about the code’s content. The result is shorter development and test cycles, once again, accelerating the application vulnerability resolution process.
With these multi-tool and multi-team capabilities, ThreadFix is setting the standard for application security management within organizations of all sizes. Initially released in September of 2012, the open-source application has been downloaded over two thousand times and has been used to successfully reduce the time required to fix critical application software vulnerabilities. The product’s growing momentum with several Fortune 500 and government organizations demonstrates how large enterprises are embracing ThreadFix as a critical enabling platform to more effectively manage application software security programs.
Immediately available, ThreadFix 1.1 can be downloaded through the following link: http://www.denimgroup.com/threadfix. Denim Group also offers additional commercial support and implementation services for organizations deploying ThreadFix. To learn more, contact Denim Group at sales@denimgroup.com or (210) 572-4400.
About Denim Group
Denim Group is the leading secure software development firm. The company builds custom large-scale software development projects across multiple platforms, languages and applications. What makes Denim Group unique is that the company brings significant core competencies in software security to the table, offering an innovative blend of secure software development, testing and training capabilities that protect a company's biggest asset, its data.
Denim Group customers span an international client base of commercial and public sector organizations across the financial services, banking, insurance, healthcare and defense industries. Its depth of experience building large-scale software development systems in a secure fashion has made the company’s leaders recognized experts in their fields. Denim Group has been recognized as one of the 5,000 Fastest Growing Companies by Inc. Magazine five years in a row, and has won multiple awards including its recent accolades as one of the best places to work in San Antonio. For more information about Denim Group visit http://www.denimgroup.com.
###
Denim Group is a registered service mark of Denim Group, Ltd. Other names and brands may be claimed as the property of others.