ThreadFix 1.2 RC3 Now Available

ThreadFix_72

The ThreadFix product development team has been hard at work since our ThreadFix 1.2 RC2 released in late July and today we’ve made a 3rd 1.2 Release Candidate available for users and organizations to download and put it through its paces. This update includes some great new features like: file attachments, severity filtering, support for Dependency Check, and a ton of bug fixes and enhancements. This release is intended for users who want to try out the new version and help identify any remaining bugs prior to the 1.2 official release. We welcome any and all feedback. Please report any bugs you might find into our Google Code Issue Tracker.

What’s new in ThreadFix 1.2 RC3?

  • Ability to attached files & documents (per application and per vulnerability) 57
  • Import historical WhiteHat data; previously only pulling in opened vulnerabilities. 287
  • Allow admins to toggle vulnerability severities to be included in/excluded from reporting 289
  • New report: Listing of all vulnerabilities 290
  • Support for Dependency Check 312
  • Implement severity import filters (based on CWE type) 329
  • Implemented breadcrumbs on Application and Team filters pages 355
  • Scan details page should include/show stats for hidden vulnerabilities 356
  • Various bug fixes and enhancements

So – please take a look at ThreadFix 1.2RC3 and let us know your thoughts. Here are some helpful links:

Contact us to talk about ways you can build your software security program on ThreadFix.

–Dan

dan _at_ denimgroup.com

@danielcornell

About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.
More Posts by Dan Cornell

Leave a Reply

Your email address will not be published. Required fields are marked *