ThreadFix 1.2 Released


The ThreadFix development team has been hard at work since our last official product release (v1.1) in March. We are excited to announce that the official 1.2 release is available for download. Please download and test drive it today! Again, we encourage any and all feedback. Please report any bugs you might find (or cool feature requests) in our Google Code Issue Tracker. Today’s update includes a bunch of great updates (User Experience, System Enhancements, Improved Reporting Capabilities) and a ton of bug fixes; see below:

What’s new since ThreadFix 1.1 (March 2013)?

  • User Experience
    • Improved user interface (thank you, Twitter Bootstrap!)
    • Streamlined user experience / workflow
    • Centralized Dashboard, providing quick access to:
      • Vulnerability Trending
      • Most Vulnerable Applications
      • Recent Scans & User Comments
  • Support for Additional Tools:
    • Support for NTO Spider 6 (issue 246)
    • Support for Dependency Check (issue 312)
  • System Enhancements:
    • Auto detection of imported scan file types <– no more channels!
    • Addition of a Scan History Tab
    • Ability to attach files & documents (per application and per vulnerability) (issue 57)
    • Added scan type auto-detection to the Command Line Interface (issue 268)
    • Added visual indicator to bug icon to indicate bug status (issue 295)
    • Added ‘Import All’ button to Remote Providers configuration page (issue 297)
    • Implemented severity import filters (based on CWE type) (issue 329)
    • Implemented breadcrumbs on Application and Team filters pages (issue 355)
    • Allow admins to toggle vulnerability severities to be included in/excluded from reporting (issue 289)
  • Improved Reporting Capability, including six (6) new reports:
    • List of all vulnerabilities
    • 6-month vulnerability burndown/trending
    • 12-month vulnerability burndown/trending
    • Top 10 most vulnerable applications
    • Top 20 most vulnerable applications
    • Top 10 vulnerabilities by CWE identifier
  • Various bug fixes

So – pull down ThreadFix 1.2 and let us know your thoughts. Here are some helpful links:

Contact us to talk about ways you can build your software security program on ThreadFix.


dan _at_


About Dan Cornell

A globally recognized application security expert and the creator of ThreadFix, Dan Cornell holds 20 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd, the parent company of ThreadFix, he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process.