Press Coverage of ThreadFix and Hybrid Analysis Mapping (HAM)


We recently announced the SBIR Phase 1 contract we won with the Department of Homeland Security (DHS) to do research into Hybrid Analysis Mapping (HAM). This research is investigating better ways to integrate the results of static and dynamic security scanning tools, and we are in the process of integrating it into the ThreadFix open source application vulnerability management platform. We spoke with a number of folks in the press who provided an expanded view of what we are working on, and I wanted to highlight some of that coverage here.


Chris Preimesberger from eWeek wrote an article titled “Homeland Security Awards Grant for ThreadFix Development” where he talks about the various capabilities provided by ThreadFix, how software security impacts critical US infrastructure, and how the work we are doing helps to accelerate the software vulnerability remediation process. [One minor note – the work we are doing with DHS isn’t technically a “grant.” Rather, it is a contract to do research under their Small Business Innovation Research (SBIR) program.]

Also, James A. Denman from wrote an article titled “Security Test Researcher Funded by US Department of Homeland Security” where he looks at the challenges associated with Hybrid Analysis Mapping (HAM) as well as the difficulties organizations face when trying to actually resolve identified vulnerabilities.

It is good to see both the press and industry taking a greater interest in an organization’s need to fix the vulnerabilities that various scanning tools are identifying in their software, and we’re thrilled to be helping move the state of the industry forward.

Contact us to talk about ways this research and ThreadFix can help you get the most out of the scanning tools you’re using in your organization.


dan _at_


About Dan Cornell

Dan Cornell has over fifteen years of experience architecting and developing web-based software systems. He leads Denim Group's security research team in investigating the application of secure coding and development techniques to improve web-based software development methodologies. Dan was the founding coordinator and chairman for the Java Users Group of San Antonio (JUGSA) and currently serves as the OWASP San Antonio chapter leader. Dan has spoken at such international conferences as RSA, ROOTs in Norway and OWASP AppSec EU.
