Denim Group, a secure application software consultancy, announced July 25 that the U.S. Department of Homeland Security has awarded its application vulnerability management platform ThreadFix with a major research grant to help further develop the technology.
ThreadFix is an open-source tool designed to give security practitioners the ability to understand the security of their applications and to conduct remediation in an efficient manner.
The Small Business Innovation Research (SBIR) grant was awarded via a three-phase program: Threadfix has received $100,000 in phase 1. A potential phase 2 award could increase the overall grant award amount to $1 million; phase 3 is the commercialization of the product.
ThreadFix is designed to solve reporting issues. The vulnerability management tool provides security managers and professionals a central location to store and track software vulnerabilities. Trending reports empower users to give up-to-date security statuses of their Web applications. ThreadFix also creates Web application firewall virtual patches that protect applications during remediation.
“This technological innovation is a pivotal investment in protecting software systems that power our nation’s critical infrastructure and e-commerce industries,” Kevin E. Greene, DHS Science and Technology Cyber Security Division Program Manager, said in a statement.
The grant will enable Denim Group to deduplicate the results from dynamic and static test scans to accelerate the remediation process. ThreadFix then exports the prioritized software vulnerabilities into bug trackers, integrating the security tasks into the developer’s regular workflow. As a result, software vulnerabilities get fixed significantly faster than the six months it typically takes, according to White Hat Security.
In addition, because ThreadFix is an open-source product, the results of Denim Group’s research will be available to the entire industry for free to spur wider adoption of an important technology that can fix serious application security issues faster than ever before.
ThreadFix was also selected to be displayed at the Arsenal at the upcoming Black Hat conference.