Denim Group Enhances ThreadFix to Deepen Application Vulnerability Management and Remediation Capabilities

December 9 Webinar will Demonstrate Latest ThreadFix Features and Detail Practical Steps for Accelerating Application Security Programs

December 11, 2014

4 Min Read


SAN ANTONIO--(BUSINESS WIRE)--Denim Group, the leading secure software development company, today announced the latest version of ThreadFix, the company’s software vulnerability management tool for application developers and security professionals. ThreadFix provides unmatched, centralized application vulnerability management and collaboration support across development and security teams - now aggregating the results of more software security scans and displaying a consolidated view of defects across development projects. With ThreadFix presenting even richer, contextual information to developers when they are coding on exactly where software vulnerabilities reside and what the specific problem is, time-to-fix periods are shortened dramatically in priority fashion, according to issues’ severity.

“Recent events are refocusing attention on application security in many organizations, as high-profile software weaknesses like Heartbleed and Shellshock – and chronic, costly flaws, such as SQL injection vulnerabilities – increase executives’ and project sponsors’ data breach concerns,” Dan Cornell, CTO of Denim Group, explained. “However, it takes more than secure coding awareness and vulnerability management plans, alone, to overcome logistical and process obstacles making it hard to quickly find and close vulnerabilities at scale. This is where tools like ThreadFix pay dividends, by helping developers and security staff close these gaps, centrally combine security testing results and keep track of workflows and resolutions confirming vulnerabilities are eradicated as soon as possible, once discovered.”

Cornell will lead a Denim Group webinar, titled “ThreadFix 2.1 & Your AppSec Program,” on Tuesday, December 9, 2014 at 12:00 p.m. CST. The webinar will detail the latest additions to ThreadFix and feature demos and real-world examples of how organizations across industries can scale-up application security programs bridging role, process and workflow gaps between IT security and software development teams. The webinar is free and registration is available here.

Enhanced with the support of a U.S. Department of Homeland Security (DHS) Hybrid Analysis Mapping research contract, ThreadFix’s latest features make it one of the first products in the industry to provide a comprehensive and easy-to-understand view of the state of an organization’s software security. New ThreadFix capabilities include:

  • ENHANCED VULNERABILITY ANALYTICS – ThreadFix 2.1 gives users powerful insights into the security state of their application portfolios by offering quick drill-down views on details about vulnerabilities exposing organizations to the greatest risks. For example, users can now filter vulnerability data by a number of factors such as severity, type, scanners, and current status and save custom filters for repeat use. An organization with a policy requiring all “critical” vulnerabilities to be addressed within 30 days, for example, could create a filter for this requirement and run routine reports to identify vulnerabilities violating the policy.

  • EXPANDED API CALLS – ThreadFix 2.1 gains a number of new API calls and API consistency enhancements, allowing organizations to script and automate even more interactions between their continuous integration environments, development tools, security scanners and the ThreadFix platform. Automation is critical for security analysts attempting to keep pace with the fast pace of development across sprawling application portfolios. Accordingly, analysts can now use the ThreadFix REST API to seamlessly automate interactions between disparate systems, eliminating manual repetitive tasks and freeing them to focus on more strategic activities, such as consulting with development teams and driving remediation efforts.

  • BROADER CONNECTIVITY WITH MORE TOOLS - ThreadFix 2.1 continues to lead the charge for cross-vendor application vulnerability management so that organizations can have a single, unified view into the security state of their applications, regardless of existing tools their teams use. For example, ThreadFix now adds or expands support for HP Quality Center, Version One, Cenzic/Trustwave Hailstorm, Checkmarx and Riverbed Stingray Web application firewall (WAF).

 In response to customer demand, Denim Group now offers ThreadFix Enterprise Edition, supporting large organizations’ dedicated software development and security demands. It also provides enhanced vulnerability reporting to address different industry sectors’ specific compliance requirements and offers additional tech support.


About Denim Group

Denim Group is the leading secure software development firm. The company builds custom large-scale software development projects across multiple platforms, languages and applications. What makes Denim Group unique is that the company brings significant core competencies in software security to the table, offering an innovative blend of secure software developmenttesting and training capabilities that protect a company's biggest asset, its data. Denim Group customers span an international client base of commercial and public sector organizations across the financial services, insurance, healthcare, education, government and defense industries. Its depth of experience building large-scale software development systems in a secure fashion has made the company’s leaders recognized experts in their fields. Denim Group has been recognized as one of the 5,000 Fastest Growing Companies by Inc. Magazine five years in a row, and has won multiple awards including its accolades as one of the best places to work in San Antonio. For more information about Denim Group visit

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights