Enables Organizations to Remediate While Minimizing Impact on Development Teams
Denim Group, the leading secure software development company, today announced that ThreadFix, its open source vulnerability management platform, was chosen by CSO Magazine’s Bill Brenner as one of the top 20 free tools to help organizations increase the security of their IT infrastructure by information and network security professionals in today’s industry.
ThreadFix presents a significant breakthrough for industry professionals as it is one of the first software vulnerability aggregation and vulnerability management systems to collect, normalize and centralize application vulnerability data in a single location, making it dramatically easier to manage software security programs within organizations while easing communications with the software development team.
ThreadFix aggregates vulnerability test results from disparate static and dynamic scanning tools as well as the results of manual penetration testing, code review and threat modeling to create a single comprehensive view of the security status of all applications within an organization. ThreadFix removes duplicate findings to provide a prioritized list of vulnerabilities. The results are exported into defect trackers used by the company’s software developers, injecting resolution of these security tasks into their regular workflow.
“This solves a significant industry issue because building security into applications is typically an afterthought in a world that is focused on getting product out the door as quickly as possible,” said Dan Cornell, Denim Group CTO. “ThreadFix translates the software vulnerabilities identified by security professionals into application defects being tracked by software developers while prioritizing the most important problems that need to be fixed. This dramatically streamlines the application vulnerability management process.”
“We’re thrilled to be recognized by CSO Magazine, a premier security media brand known for providing industry leaders with the information they need regarding security best practices and strategic management issues,” Cornell added. “We released ThreadFix under an open source license because we wanted it to be available to the widest audience possible and recognition such as this further advances that goal.”
Denim Group recently released an updated version of ThreadFix, which included a variety of enterprise-class capabilities requested by large organizations eager to adopt this innovative platform to speed up the securing of their customer-facing and internal applications. ThreadFix now works with additional sophisticated assessment tools to better fulfill the needs of enterprise-wide application security teams, and ThreadFix 1.1 also offers tighter integration with Lightweight Directory Access Protocol (LDAP) and Microsoft Active Directory (AD), enabling ThreadFix to be better integrated into enterprise workflows. ThreadFix also now allows security and development teams to discuss and add context to identified vulnerabilities, enabling meaningful two-way communications that enhance the quality of remediation efforts.
“The response we’ve received from the security and development communities since releasing ThreadFix last fall has been impressive,” said Denim Group Principal John Dickson. “The enhanced features and functionality we’ve made to the ThreadFix platform make the job of application vulnerability resolution even more straightforward than before and we are seeing even stronger enterprise demand for ThreadFix services and support. The commercial ecosystem this creates supports further advancement of the technology to more easily protect sensitive data and corporate assets with secure applications.”
About CSO Magazine
CSO provides news, analysis and research on a broad range of security and risk management topics. Areas of focus include information security, physical security, business continuity, identity and access management, loss prevention and more. CSO magazine and CSOonline.com are published by CXO Media Inc., which is an IDG (International Data Group) company.
About Denim Group
Denim Group develops secure software, helps organizations assess and mitigate risk with existing software, and provides training on best practices in software security. Denim Group has worked with a range of Fortune 500 companies and public sector organizations, bringing a focused software development approach to the world of software security. Denim Group is a strong contributor to the larger application security community, and has been involved with the Open Web Application Security Project (OWASP) since shortly after its inception. Additionally, Denim Group was ranked 1,925 in Inc. Magazine’s 5000 Fastest-Growing Private Companies in America in 2010. For more information about Denim Group, visit www.denimgroup.com.