Press Coverage of ThreadFix and Hybrid Analysis Mapping (HAM)

We recently announced the SBIR Phase 1 contract we won with the Department of Homeland Security (DHS) to do research into Hybrid Analysis Mapping (HAM). This research is investigating better ways to integrate the results of static and dynamic security scanning tools, and we are in the process of integrating this research into the ThreadFix open source application vulnerability management platform. We spoke with a number of folks in the press who provided an expanded view of what we are working on, and I wanted to highlight some of that coverage here.

Chris Preimesberger from eWeek wrote an article titled “Homeland Security Awards Grant for ThreadFix Development” where he talks about the various capabilities provided by ThreadFix, how software security impacts critical US infrastructure, and how the work we are doing helps to accelerate the software vulnerability remediation process. [One minor note – the work we are doing with DHS isn’t technically a “grant.” Rather, it is a contract to do research under their Small Business Innovation Research (SBIR) program.]

Also, James A. Denman from SearchSoftwareQuality.com wrote an article titled “Security Test Researcher Funded by US Department of Homeland Security” where he looks at the challenges associated with Hybrid Analysis Mapping (HAM) as well as the difficulties organizations face when trying to actually resolve identified vulnerabilities.

It is good to see both the press and industry taking a greater interest in an organization’s need to fix the vulnerabilities that various scanning tools are identifying in their software, and we’re thrilled to be helping move the state of the industry forward.

Contact us to talk about ways this research and ThreadFix can help you get the most out of the scanning tools you’re using in your organization.

–Dan

dan _at_ denimgroup.com

@danielcornell

About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As Chief Technology Officer and Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process.
