ThreadFix Elevates Application Security Concerns to C-Suite through Governance, Risk and Compliance

Key Enhancements Provide Organizations with the Ability to Assess Vulnerabilities and Prioritize Risks in Real Time; Supporting IAST, CLM and GRC Technologies

Denim Group, the leading secure software development firm, today announced the latest version of ThreadFix, the company’s application security vulnerability management tool for developers and security professionals. ThreadFix, a proven solution enabling developers to quickly fix application vulnerabilities, now can provide application vulnerability information to leading Governance, Risk and Compliance (GRC) tools for better application risk management at the enterprise level. This places application security squarely in front of security operators and risk management decision makers for inclusion, analysis and comparison with all other risk information.

In addition to providing unmatched, centralized application security vulnerability management, this new version offers added support for coordinating static and dynamic application security testing while integrating newer technologies like Interactive Application Security Testing (IAST) and Component Lifecycle Management (CLM). When vulnerabilities are identified during the development process, they are immediately sent to the ThreadFix dashboard. From there, organizations can assess the context of the vulnerability and prioritize the risk level before placing it in the queue to remediate. Vulnerabilities can also be translated to developer tools the organization is already using.

Driven by client interaction, reporting has been enhanced to offer a customized view of vulnerabilities based on an organization’s specific needs and preferences, said Dan Cornell, CTO at Denim Group. Enhanced filters, more sophisticated analysis and a powerful reporting engine make producing tailored reports based on the most serious vulnerabilities, simple and easy. ThreadFix has also made tremendous strides to enhance reporting and customize previously available features. As a result, software risk managers are able to make more informed decisions involving application risk in real time.

Enhanced under a U.S. Department of Homeland Security (DHS) Science and Technology (S&T) Directorate (SBIR) contract, Hybrid Analysis Mapping (HAM) in ThreadFix automates the matching and merging of report results from dynamic and static scanners. ThreadFix’s latest features make it the first product in the industry to provide a comprehensive and easy-to-understand view of the state of an organization’s application security. Security managers are now able to more effectively use existing tools to save time and minimize reporting duplication and time. ThreadFix dashboards provide application-level views of vulnerability trends, the most vulnerable applications, and recent scan activity and collaboration.

The ThreadFix Enterprise Edition supports the needs of large-scale organizations by offering compliance reporting for PCI and HIPAA, Active Directory integration, scan orchestration, and phone and email support. Enterprises that require greater scale and are responsible for maintaining reporting on compliance can benefit from implementing ThreadFix in their development process. Denim Group also hosts an open source version of ThreadFix on GitHub, facilitating an open forum discussion in the software development community coming together over the ability to work with the software and plugins associated with it, specifically ZAP and Burp.

About Denim Group

Denim Group is the leading secure software development firm that is a trusted advisor to organizations on matters of software risk and security. The company builds secure software for the most security conscious organizations and helps others assess and mitigate risk of their existing software. Denim Group’s flagship ThreadFix product accelerates the process of software vulnerability remediation and reflects Denim Group’s deep understanding of what it takes to fix application vulnerabilities faster. Denim Group is a frequent contributor to the larger application security community, and has been involved with the Open Web Application Security Project (OWASP) since shortly after its inception. The company has been recognized as one of the 5,000 Fastest Growing Private Companies by Inc. Magazine five years in a row and has won multiple awards including its accolades as one of the best places to work in San Antonio. For more information about Denim Group visit www.denimgroup.com.