Posted by: Melanie Webb
Application developers and security analysts can communicate and collaborate more easily using Denim Group’s new open source vulnerability management tool, ThreadFix.
In a recent announcement, Denim Group explained that “ThreadFix imports the data from automated dynamic and static scanners as well as manual testing reports into a centralized platform.” This provides a single view of all application security vulnerabilities, and that information is exported into a bug tracker that application developers are already familiar with.
Ultimately, ThreadFix decreases the time needed to repair software defects and uses a “virtual patch,” in the form of a Web application firewall, to protect corporate assets while defects are being fixed.
“Denim Group’s ThreadFix is taking an innovative approach to application vulnerability management,” said principal analyst Eric Ogren of The Ogren Group. “ThreadFix’s normalization of data from multiple scanning sources brings much needed de-duplication to vulnerability reports, while the virtual patching of discovered application vulnerabilities significantly helps security teams protect corporate data from external threats. Organizations should look to technologies such as ThreadFix to accelerate the closing of dangerous security holes in applications.”
Dan Cornell, chief technology officer at Denim Group, added that ThreadFix is a “useful component of DevOps toolchain,” and that it gives teams much versatility when tools are able to communicate with each other.
With regard to cloud environments, he explained, “If an organization is using cloud-based testing providers, such as Veracode, WhiteHat or Qualys, they can use ThreadFix to pull data from those cloud providers’ APIs and merge it with results from other non-cloud-based security testing activities.”
Furthermore, Cornell said, “If an organization has both in-house-hosted applications as well as cloud-based providers where they need to do security testing for compliance purposes, they can use ThreadFix to store the results of the testing of cloud-based systems alongside the testing they perform for custom-developed applications.”
To read more about the recent release of ThreadFix, see ThreadFix: Open source defect management tool speeds security vulnerability fixes.
To learn more or to download ThreadFix, visit the Denim Group resource page.