Press Coverage of ThreadFix and Hybrid Analysis Mapping (HAM)

We recently announced the SBIR Phase 1 contract we won with the Department of Homeland Security (DHS) to do research into Hybrid Analysis Mapping (HAM). This research is investigating better ways to integrate the results of static and dynamic security scanning tools, and we are in the process of integrating this research into the ThreadFix open source application vulnerability management platform. We spoke with a number of folks in the press who provided an expanded view of what we are working on, and I wanted to highlight some of that coverage here.


Chris Preimesberger from eWeek wrote an article titled “Homeland Security Awards Grant for ThreadFix Development” where he talks about the various capabilities provided by ThreadFix, how software security impacts critical US infrastructure, and how the work we are doing helps to accelerate the software vulnerability remediation process. [One minor note – the work we are doing with DHS isn’t technically a “grant.” Rather, it is a contract to do research under their Small Business Innovation Research (SBIR) program.]

Also, James A. Denman from wrote an article titled “Security Test Researcher Funded by US Department of Homeland Security” where he looks at the challenges associated with Hybrid Analysis Mapping (HAM) as well as the difficulties organizations face when trying to actually resolve identified vulnerabilities.

It is good to see both the press and industry taking a greater interest in an organization’s need to fix the vulnerabilities that various scanning tools are identifying in their software, and we’re thrilled to be helping move the state of the industry forward.

Contact us to talk about ways this research and ThreadFix can help you get the most out of the scanning tools you’re using in your organization.


dan _at_


About Dan Cornell

A globally recognized application security expert and the creator of ThreadFix, Dan Cornell holds 20 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd, the parent company of ThreadFix, he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process.