ThreadFix 1.2 RC1 Now Available

Last week we pushed up the binary downloads for ThreadFix 1.2RC1. Major changes include:

  • Streamlined user interface and improved user experience
  • Centralized dashboard showing vulnerability trending, the most vulnerable applications, recent scans and user comments
  • Improved reporting capability as well as five new reports
  • Auto-detection of scan types (no more channels!)
  • Various bugfixes and enhancements

I’m hoping to upload some screencasts before too much longer. In the meantime, here are a couple of screenshots of ThreadFix 1.2RC1:

This is the new dashboard screen you land on after logging in. From here you can see vulnerability trending over the past six months, the top 10 most vulnerable applications, recent scan uploads and recent comments applied to vulnerabilities.

This is the new scan upload screen. You’ll notice that you no longer have to tell ThreadFix what scan type you are uploading. Instead, the scan type is auto-detected. No more configuring channels!

This is the new reporting interface. We reorganized things into different tabs (Trending, Snapshots, Comparisons) and added five new reports (6- and 12-month vulnerability trending, top 10 and 20 most vulnerable applications, top 10 most common vulnerabilities by CWE identifier).

So take a look at ThreadFix 1.2RC1 and let us know your thoughts. Here are some helpful links:

Contact us to talk about ways you can build your software security program on ThreadFix.


dan _at_


About Dan Cornell

A globally recognized application security expert and the creator of ThreadFix, Dan Cornell holds 20 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd, the parent company of ThreadFix, he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process.