Having access to all the information about a vulnerability in one spot improves communications between the developers and security team increasing productivity without sacrificing quality, and that’s a win-win for the whole industry
San Antonio, Texas (PRWEB) March 25, 2013
Denim Group, the leading secure software development company, today announced ThreadFix 1.1, an intelligent open-source application management platform that imports test results from a variety of testing tools to present a centralized view of the security status of corporate applications throughout the organization. ThreadFix 1.1 has been upgraded with a variety of enterprise-class capabilities, all sponsored by large organizations eager to adopt this innovative platform into their organization to speed up the securing of their customer-facing and internal applications.
“Large organizations are seeing the value of consolidating duplicate vulnerability information generated by overlapping reports into a centralized dashboard, enabling their teams to release applications into the marketplace that are not only feature-rich but resilient and secure,” said Dan Cornell, Denim Group CTO. “Having access to all the available information about a given vulnerability in one spot improves the communications conduit between the developers and security team to such a level that productivity is increased without sacrificing quality, and that’s a win-win for the whole industry.”
ThreadFix imports dynamic, static and manual testing results into a centralized console that removes duplicate findings across multiple testing platforms to provide a prioritized list of the security vulnerabilities for each corporate application. These results can be quickly exported into defect trackers used by the company’s software developers, injecting these security tasks into their regular work flow. ThreadFix also uses this vulnerability data to automatically generate web application firewall and IDS/IPS rules that ensure sensitive corporate data is protected during the application repair process. Based on alerts from these virtual patch rules, ThreadFix also tracks current attack attempts, enabling the system to provide a real-world view of the criticality of individual vulnerabilities. Finally, ThreadFix provides trending reports, enabling team members as well as management to track and improve productivity over time.
The new version of ThreadFix is now compatible with several sophisticated tools to better fulfill
the needs of enterprise-wide application development teams. For example, in addition to the Bugzilla and JIRA bug trackers, ThreadFix’s prioritized and aggregated results can now also be exported into Microsoft Team Foundation Server, the collaboration platform at the core of Microsoft's application lifecycle management used in many enterprises. As a result of this integration, it is much easier to work with both the developers and the security analysts as both teams continue to use tools they already know. The integration of both the NTOSpider and IBM Security AppScan Enterprise dynamic analysis testing platforms as well as the static analysis IBM Security AppScan Source tool enables ThreadFix to now import testing results from more than 20 software security testing tools and services, making ThreadFix useable to a wider number of organizations.
ThreadFix 1.1 also offers a tighter integration with Lightweight Directory Access Protocol (LDAP) and Microsoft Active Directory (AD) authentication protocols enabling ThreadFix to be better integrated inside of the enterprise workflow. As a result, ThreadFix users can now be included in the centralized enterprise management system provided by LDAP and AD to manage user accounts. The corporation’s software developers and security experts that use ThreadFix across the enterprise will no longer need to manage multiple users IDs and passwords. The integration also allows access rules to be applied based on a “need-to-know” basis to better reflect real-world team roles to further improve the organization’s overall security posture.
ThreadFix also now allows security and development teams to add comments and context to individual vulnerability content, enabling meaningful two-way communications that enhance the quality of remediation efforts. The individualized notes decrease team distractions while improving internal communication about the code’s content. The result is shorter development and test cycles, once again, accelerating the application vulnerability resolution process.
With these multi-tool and multi-team capabilities, ThreadFix is setting the standard for application security management within organizations of all sizes. Initially released in September of 2012, the open-source application has been downloaded over two thousand times and has been used to successfully reduce the time required to fix critical application software vulnerabilities. The product’s growing momentum with several Fortune 500 and government organizations demonstrates how large enterprises are embracing ThreadFix as a critical enabling platform to more effectively manage application software security programs.
Immediately available, ThreadFix 1.1 can be downloaded through the following link: http://www.denimgroup.com/threadfix. Denim Group also offers additional commercial support and implementation services for organizations deploying ThreadFix. To learn more, contact Denim Group at email@example.com or (210) 572-4400.
About Denim Group
Denim Group is the leading secure software development firm. The company builds custom large-scale software development projects across multiple platforms, languages and applications. What makes Denim Group unique is that the company brings significant core competencies in software security to the table, offering an innovative blend of secure software development, testing and training capabilities that protect a company's biggest asset, its data.
Denim Group customers span an international client base of commercial and public sector organizations across the financial services, banking, insurance, healthcare and defense
industries. Its depth of experience building large-scale software development systems in a secure fashion has made the company’s leaders recognized experts in their fields. Denim Group has been recognized as one of the 5,000 Fastest Growing Company’s by Inc. Magazine five years in a row, and has won multiple awards including its recent accolades as one of the best places to work in San Antonio. For more information about Denim Group visit http://www.denimgroup.com.
Denim Group is a registered service mark of Denim Group, Ltd. Other names and brands may be claimed as the property of others.