ThreadFix 2.1M1 Now Available


We recently uploaded the first milestone build for the ThreadFix 2.1 development series. Among the 82 bug fixes and feature updates, ThreadFix 2.1M1 showcases the following new capabilities:

  • New vulnerability search capability lets you slice and dice vulnerability data in a much more flexible way than was possible with the previous reports functionality. You can also save filters for later use. In addition, you can access this new vulnerability search via the REST API and command-line client.
  • Scan importers are now pluggable and get reloaded when ThreadFix starts. This should be a huge help as we work to keep these up to date with changing file formats and the inclusion of new scanners. We’ve also started importing more data from the original scan files, such as attack requests and responses. This should provide better context about imported vulnerabilities and help with vulnerability triage. It will take some time to get all of the importers updated, but we’re working on it and making progress.
  • User interface and user experience updates to better show progress during potentially long operations. Also drag-and-drop file uploads – fun!
  • Vulnerability taxonomy updated to MITRE CWE 2.6.
  • Support for new scanners – Cenzic/Trustwave Hailstorm and Checkmarx.
  • Support for new defect trackers – HP Quality Center and VersionOne.

So please pull down the 2.1M1 build from the ThreadFix download site and take it for a spin. As always, please submit any feature requests and bug reports to the GitHub issue tracker and feel free to reach out to the ThreadFix community via the ThreadFix Google Group.


About Dan Cornell

A globally recognized application security expert and the creator of ThreadFix, Dan Cornell holds 20 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd, the parent company of ThreadFix, he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process.