ThreadFix 1.2 RC3 Now Available


The ThreadFix product development team has been hard at work since our ThreadFix 1.2 RC2 released in late July and today we’ve made a 3rd 1.2 Release Candidate available for users and organizations to download and put it through its paces. This update includes some great new features like: file attachments, severity filtering, support for Dependency Check, and a ton of bug fixes and enhancements. This release is intended for users who want to try out the new version and help identify any remaining bugs prior to the 1.2 official release. We welcome any and all feedback. Please report any bugs you might find into our Google Code Issue Tracker.

What’s new in ThreadFix 1.2 RC3?

  • Ability to attached files & documents (per application and per vulnerability) 57
  • Import historical WhiteHat data; previously only pulling in opened vulnerabilities. 287
  • Allow admins to toggle vulnerability severities to be included in/excluded from reporting 289
  • New report: Listing of all vulnerabilities 290
  • Support for Dependency Check 312
  • Implement severity import filters (based on CWE type) 329
  • Implemented breadcrumbs on Application and Team filters pages 355
  • Scan details page should include/show stats for hidden vulnerabilities 356
  • Various bug fixes and enhancements

So – please take a look at ThreadFix 1.2RC3 and let us know your thoughts. Here are some helpful links:

Contact us to talk about ways you can build your software security program on ThreadFix.


dan _at_


About Dan Cornell

A globally recognized application security expert and the creator of ThreadFix, Dan Cornell holds 20 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd, the parent company of ThreadFix, he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process.