ThreadFix Application Vulnerability Management

Post: Meet the Denim Group RSA 2018 Travel Team

  It is that time of year. RSA is always a great event – the way it concentrates people in our industry makes it a fantastic opportunity to meet with clients, prospects, partners, press, analysts, and the ever-sought-after “thought leaders.” There is also a bit of a nonsense that has grown up around the RSA […]

Post: HotSpot: Finding Vulnerabilities in Shared Internally-Developed Code

  We recently announced the release of ThreadFix 2.4 which includes our patent-pending HotSpot technology that identifies where internal teams are sharing code among themselves and where that code has vulnerabilities. Similar to what solutions like BlackDuck, Sonatype, and OWASP Dependency Check do for vulnerabilities in known open source components – but for code developed […]

Post: What’s in a Name? – Why Gartner Picking “Application Vulnerability Correlation” is an Important Step for the Application Security Market

If you haven’t seen it yet, Gartner just published its “Hype Cycle for Application Security, 2016” written by Gartner Analyst Ayal Tirosh with support from colleague Lawrence Pingree (Gartner clients can view it at https://www.gartner.com/doc/3376617/hype-cycle-application-security-). This is potentially a deeply important step for the application security market because it provides clarity around a set of […]

Post: Webinar: ThreadFix 2.4 Maximizing the Impact of Your Application Security Resources

We ran a webinar for the upcoming ThreadFix 2.4 Enterprise release. Slides and a video recording of the webinar are available here: ThreadFix 2.4: Maximizing the Impact of Your Application Security Resources from Denim Group There were a couple of items that came up during the presentation where I wanted to provide some additional detail and links […]

Post: ThreadFix In Action: Discovering Your Organization’s Software Attack Surface (Web App Edition)

Many organizations use ThreadFix as the platform for running application security program – tracking their application portfolio and getting their applications under a cycle of regular security testing. But before you can start getting applications under security management, you have to know about them and get them installed in the system. In this post, we look […]

Post: ThreadFix In Action: Tracking Threats and Threat Models

ThreadFix is currently optimized to help with vulnerability management – importing vulnerability data from various sources, performing triage on the imported vulnerabilities, and then communicating the triaged vulnerabilities to the tools that developers use for resolution. Some organizations have also been using ThreadFix to help track their threat modeling programs. By using some of ThreadFix’s […]