Finance Industry Case Study

Client Results

Global Enterprise Security

Maintained by a distributed security team

Centralized Security Database

For policy and vulnerability information

Scaling an Application Security Program

The company had a large portfolio of 2,000 applications. Application security testing processes were manual and nonstandardized, with no accountability, so requests were lost and there was no standard way to handle the results of the tests that were performed. As a result, the application security team could not fulfill the requirements the business was placing on it. Large portions of the application portfolio were not being tested, and the applications that were tested were handled in an ad hoc manner, so identified vulnerabilities were not fixed in a timely manner.

Centralized Authority

ThreadFix was established as the system of record for application security testing results and for application security policy management. This centralized authority then allowed the security team to enlist security champions spread across the organization to act as liaisons to and consultants for groups of the distributed development teams.

Enterprise Security Visibility

The system of record and the network of security champions allowed the organization to scale application security testing and vulnerability management. In addition, the ThreadFix database is now used to feed its corporate risk reporting systems, providing enterprise-wide visibility into the risk associated with deployed applications.

Outcome

The end result is that the organization enjoys the scale of a distributed application security team with the consistency of a centralized database of both policy and vulnerability information that is fed into corporate risk management systems to help address compliance requirements.
