Nytro
Posted August 18, 2012

UPDATE: ThreadFix 1.0 beta 21!

“ThreadFix is a software vulnerability aggregation and management system that helps organizations aggregate vulnerability data, generate virtual patches, and interact with software defect tracking systems. It imports the results from dynamic, static and manual testing to provide a centralized view of software security defects across development teams and applications. The system allows companies to correlate testing results and streamline software remediation efforts by simplifying feeds to software issue trackers. By auto generating application firewall rules, this tool allows organizations to continue remediation work uninterrupted.”

Changes made to ThreadFix:

- Defect Tracker and Remote Provider credentials are now encrypted before being saved in the database.
- An IBM Rational AppScan Source Edition alpha importer is now included.
- A few changes have been made to ease the development of a custom Defect Tracker solution. Now users can add a database entry and drop a JAR in the ThreadFix lib to include custom Defect Tracker code.
- CWE names have been updated to stay current with the May 2012 2.2 release of the standard.
- Veracode and Qualys now import all of the scans in an application’s history instead of just the first one.
- Veracode vulnerabilities that were marked as false positives will now import to ThreadFix as false positives.
- A few Nessus vulnerability types have been added, but most Nessus findings will still not import to ThreadFix.
- All tables that display vulnerability or finding information have been moved to an asynchronous loading method to improve performance and memory usage.
- The queue for scans now behaves serially to enforce scan ordering.
- Several bugs have been fixed and small changes have been made to the UI.

Download ThreadFix:

ThreadFix 1.0 Beta 21 – ThreadFix_1_0_beta21.zip

Source: ThreadFix 1.0 beta 21! — PenTestIT