ThreadFix 1.2 RC2 Now Available

Earlier today we pushed up the binary downloads for ThreadFix 1.2RC2. Major changes include:

  • Support for NTO Spider 6
  • Added scan type auto-detection to the Command Line Interface (CLI)
  • Added visual indicator to bug icon to indicate bug status
  • Added “Import All” button to Remote Providers configuration page
  • Various bug fixes and system enhancements
  • Main ThreadFix code moved into threadfix-main/ subdirectory in the main Google Project
  • CLI codebase is now included in the threadfix-cli/ subdirectory in the main Google Project (it was formerly in its own Google Project site, which has now been deprecated)

Also I will be at BlackHat next week to demonstrate ThreadFix at the Arsenal. In addition to everything in 1.2RC2 I will also be previewing some cool new features we are working to stabilize and include in the main line development. If you would like to meet up either drop by the Arsenal during my session times (Wednesday 10:15am – 10:40am on the main stage, Wednesday 12:45pm -3:15pm at Station 2) or drop me a line and we can catch up separately.

So – please take a look at ThreadFix 1.2RC2 and let us know your thoughts. Here are some helpful links:

Contact us to talk about ways you can build your software security program on ThreadFix.


dan _at_


About Dan Cornell

A globally recognized application security expert and the creator of ThreadFix, Dan Cornell holds 20 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd, the parent company of ThreadFix, he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process.