ThreadFix 1.1 Release Candidate Now Available


We’ve been hard at work on ThreadFix since the 1.0 release in October and we’re just about ready to push out an updated 1.1 release. This week we’ve made a 1.1 release candidate available for folks to take a look at and review. You can get it from the ThreadFix downloads site.

What’s new in 1.1? Lots of stuff including:

  • Support for NTObjectives NTO Spider scans (#162)
  • Support for Microsoft Team Foundation Server (TFS) bug trackers (#117)
  • Adding user comments for vulnerabilities (#55)
  • Editing of manually-entered vulnerabilities (#160)
  • “Filter by CWE” for vulnerabilities (#163)
  • Updated security model to allow for fine-grained user permissions (#56) (this has been a huge priority for the larger enterprises deploying ThreadFix)
  • Updated Snort rule generation (#113)
  • Updated license from MPL 1.1 to MPL 2.0 (#181)
  • Various updates and bug fixes and enhancements (#159, #168, #176, #196)

You can see the full list of features and defects addressed during the 1.1 development cycle in the issue tracker. We’ve posted information on the ThreadFix wiki about how to upgrade your ThreadFix 1.0.1 install to 1.1 and would love to hear any feedback from people going through that process. So take a look and please post any thoughts or bugs either on the ThreadFix issue tracker or join the ThreadFix Google Group and let us know there.

Contact us for help managing your software security program with ThreadFix.


dan _at_


About Dan Cornell

Dan Cornell has over fifteen years of experience architecting and developing web-based software systems. He leads Denim Group's security research team in investigating the application of secure coding and development techniques to improve web-based software development methodologies. Dan was the founding coordinator and chairman for the Java Users Group of San Antonio (JUGSA) and currently serves as the OWASP San Antonio chapter leader. Dan has spoken at such international conferences as RSA, ROOTs in Norway and OWASP AppSec EU.
