ThreadFix 2.1M1 Now Available


We recently uploaded the first milestone build for the ThreadFix 2.1 development series. Among the 82 bug fixes and feature updates, ThreadFix 2.1M1 showcases the following new capabilities:

  • New vulnerability search capability lets you slice and dice vulnerability data in a much more flexible way than was possible with the previous reports functionality. You can also save filters for later use. In addition, you can access this new vulnerability search via the REST API and command-line client.
  • Scan importers are now pluggable and get reloaded when ThreadFix starts. This should be a huge help as we work to keep these up to date with changing file formats and the inclusion of new scanners. We’ve also started importing more data from the original scan files, such as attack requests and responses. This should provide better context about imported vulnerabilities and help with vulnerability triage. It will take some time to get all of the importers updated, but we’re working on it and making progress.
  • User interface and user experience updates to better show progress during potentially long operations. Also drag-and-drop file uploads – fun!
  • Vulnerability taxonomy updated to MITRE CWE 2.6
  • Support for new scanners – Cenzic/Trustwave Hailstorm and Checkmarx.
  • Support for new defect trackers – HP Quality Center and VersionOne.

So please pull down the 2.1M1 build from the ThreadFix download site and take it for a spin. As always, please submit any feature requests and bug reports to the GitHub issue tracker and feel free to reach out to the ThreadFix community via the ThreadFix Google Group.

Contact us for help taking control of your application security program with ThreadFix.

About John Dickson

John Dickson is an internationally recognized security leader, entrepreneur and Principal at Denim Group, Ltd, the parent company of ThreadFix. He has more than 20 years' hands-on experience in intrusion detection, network security and application security in the commercial, public and military sectors. As a Denim Group Principal, he helps executives and Chief Security Officers (CSOs) of Fortune 500 companies, including major financial institutions, launch and expand their critical application security initiatives.