Rich communication suite services take advantage of unified platforms that can support many systems and processes at once. But making sure those processes are secure, especially those that go through mobile applications, can be tricky. Thankfully, there are companies out there to ensure that RCS services are safe. Denim Group, a San Antonio-based software security company, has released ThreadFix 2.0, an application vulnerability management product that can identify which line of source code is responsible for a vulnerability. In addition, ThreadFix 2.0 and plug-in bridges can shorten the time it takes to fix application vulnerabilities and make the search for the source code quicker.
“The ability to identify the line of code associated with dynamic testing is huge,” said Dan Cornell, Denim Group’s CTO, in a statement. “Now security managers can provide better information to the developers who are the ones that actually fix the vulnerable code. This provides an organization with another important capability that is needed to resolve software vulnerabilities more quickly.”
ThreadFix uses attack models made by the Hybrid Analysis Mapping engine. It can map the vulnerabilities back to the source code, and the code data can be exported into the developer’s Eclipse or IntelliJ Integrated Development Environment.
ThreadFix was first released in 2012, when it provided a view of an organization’s software security. It is able to collect vulnerability test results into a centralized platform. Then, it can provide a priority list of vulnerabilities. Updates are included on ThreadFix, and follow-up testing is scheduled. More recently, ThreadFix 2.0 was improved thanks to a Department of Homeland Security contract.
“The new technology creates a more accurate list of vulnerabilities which can improve the overall state of software security within an organization,” according to the company’s statement.
The use of Hybrid Analysis Mapping also improves “the efficacy of dynamic scanners by identifying specific vulnerabilities which are not typically found by standard dynamic scanning crawls,” the company said in the statement.
“Hybrid Analysis Mapping technology can accelerate the discovery, identification and remediation of application vulnerabilities in order to better protect the software systems that power our nation’s critical infrastructure and e-commerce industries,” explained Kevin E. Greene, the Department of Homeland Security’s Science & Technology Cyber Security Division Program manager. “In the long-term, this gives U.S. companies the capability to identify key weaknesses throughout the software development lifecycle which will help reduce the cost of software failures, the number of software-related breaches and the potential loss of confidential information which continues to occur with alarming frequency.”
ThreadFix 2.0 Enterprise Edition is now available, too. It offers features for multi-user deployments in large organizations and provides enhanced vulnerability reporting. ThreadFix Community Edition, which is used by companies that have a few applications under development, will remain an open source project.
In a related matter, Cornell, when discussing the Heartbleed bug, told NPR that the exposure of OpenSSL’s vulnerability may lead businesses to move to two-factor authentication. That would give them more security.
"I think moving beyond simply using passwords is an important step worldwide to improve the security of this cyber-critical infrastructure," Cornell said in an interview on Texas Public Radio.
Edited by Alisen Downey