We’ve been hard at work on ThreadFix since the 1.0 release in October and we’re just about ready to push out an updated 1.1 release. This week we’ve made a 1.1 release candidate available for folks to take a look at and review. You can get it from the ThreadFix downloads site.
What’s new in 1.1? Lots of stuff including:
- Support for NTObjectives NTO Spider scans (#162)
- Support for Microsoft Team Foundation Server (TFS) bug trackers (#117)
- Adding user comments for vulnerabilities (#55)
- Editing of manually-entered vulnerabilities (#160)
- “Filter by CWE” for vunerabilities(#163)
- Updated security model to allow for fine-grained user permissions (#56) (this has been a huge priority for the larger enterprises deploying ThreadFix)
- Updated Snort rule generation (#113)
- Updated license from MPL 1.1 to MPL 2.0 (#181)
- Various updates and bug fixes and enhancements (#159, #168, #176, #196)
You can see the full list of features and defects addressed during the 1.1 development cycle in the issue tracker. We’ve posted information on the ThreadFix wiki about how to upgrade your ThreadFix 1.0.1 install to 1.1 and would love to hear any feedback from people going through that process. So take a look and please post any thoughts or bugs either on the ThreadFix issue tracker or join the ThreadFix Google Group and let us know there.
dan _at_ denimgroup.com