ThreadFix 1.2 RC3 Now Available


The ThreadFix product development team has been hard at work since ThreadFix 1.2 RC2 was released in late July, and today we’ve made a third 1.2 Release Candidate available for users and organizations to download and put through its paces. This update includes some great new features, such as file attachments, severity filtering, and support for Dependency Check, along with a ton of bug fixes and enhancements. This release is intended for users who want to try out the new version and help identify any remaining bugs prior to the official 1.2 release. We welcome any and all feedback. Please report any bugs you find in our Google Code Issue Tracker.

What’s new in ThreadFix 1.2 RC3?

  • Ability to attach files & documents (per application and per vulnerability) 57
  • Import historical WhiteHat data; previously only opened vulnerabilities were pulled in. 287
  • Allow admins to toggle vulnerability severities to be included in/excluded from reporting 289
  • New report: Listing of all vulnerabilities 290
  • Support for Dependency Check 312
  • Implement severity import filters (based on CWE type) 329
  • Implemented breadcrumbs on Application and Team filters pages 355
  • Scan details page should include/show stats for hidden vulnerabilities 356
  • Various bug fixes and enhancements

So, please take a look at ThreadFix 1.2 RC3 and let us know your thoughts. Here are some helpful links:

Contact us to talk about ways you can build your software security program on ThreadFix.




About John Dickson


John Dickson is an internationally recognized security leader, entrepreneur and Principal at Denim Group, Ltd., the parent company of ThreadFix. He has more than 20 years' hands-on experience in intrusion detection, network security and application security in the commercial, public and military sectors. As a Denim Group Principal, he helps executives and Chief Security Officers (CSOs) of Fortune 500 companies, including major financial institutions, launch and expand their critical application security initiatives.