Credit: Courtesy / The Denim Group

San Antonio-based Denim Group recently added two more awards to the long list of honors for its groundbreaking products and solutions that set high standards in all areas of security and technology.

Their product ThreadFix was named a Silver winner in two award categories of the 13th Annual Info Security PG’s Global Excellence Awards.

ThreadFix was also named a finalist in Application Security for the Cybersecurity Excellence Awards, which recognizes products that demonstrate innovation and leadership in information security.

More than 40 industry experts from all over the world judged the 2017 Global Excellence Awards competition to determine the winners, who were announced during the awards dinner and presentation on Feb. 13 in San Francisco.

Mostly large financial and banking companies running multiple applications and vulnerability scanners globally use Threadfix, a vulnerability resolution platform.

The platform allows companies to manage all the security programs that scan for vulnerabilities in software being developed and/or used companywide. Threadfix’s dashboard enables communication between teams dedicated to cybersecurity and software development.

For organizations that develop software, Threadfix can automate the matching and merging of vulnerability report results from different types of vulnerability scanners. As a result, staff members don’t have to manually enter results from different vulnerability scans into a master spreadsheet, which saves them valuable time.

John Dickson, a former Air Force officer and CEO of the Denim Group
John Dickson Credit: Courtesy / Denim Group

“The vast majority of software being built is being built by people who focus on its functionality,” said John Dickson, principal of the Denim Group, a private application security firm. “Some may have an awareness of the security aspects when building software, but that knowledge is not widespread.”

Dickson said that big companies have multiple business teams working on software, and therefore run multiple software vulnerability scanners. As the different software programs are being developed, security scans will generate a list of vulnerabilities that need to be addressed. Threadfix compiles all these vulnerabilities to facilitate risk management for security staff who manage the software vulnerabilities for the entire company. Threadfix works in iOS, Java, and other programming languages, since teams often use a variety of software scanners.

“People have to manage and measure [software vulnerability] risk across so many activities, teams, and efforts,” Dickson explained. “Threadfix takes the outcome of all these testing tools and puts them into a common format in a desktop environment that allows security people to prioritize the security fixes.”

Threadfix’s scanners have outputs that detail the vulnerabilities for each software development effort. That data is managed in a common format for easy monitoring and prioritizing of software vulnerability fixes. Now, risk management staff at a glance can see which software vulnerability fixes have been applied or not addressed.

This enables teams to prioritize risk decisions and transition application vulnerabilities to developers in order to speed up the remediation process – up to 40%, according to Denim Group clients.

“Threadfix allows the company to build software and focus on development while simultaneously giving the risk management folks a way to monitor prioritization of which security fixes to address first,” Dickson said.

The Denim Group received funding from the Small Business Innovation Research (SBIR) program, a government program coordinated by the Small Business Administration to help small businesses conduct research and development. The SBIR grant allowed the Denim Group to build Threadfix prior to releasing the commercial version three years ago.

The world’s largest banks’ demand for Threadfix is helping drive the Denim Group’s ambitious growth.

“We’re hiring left and right,” Dickson said. “We’re looking for security application people and have lots of openings now.”

With cybersecurity gaining importance in virtually every industry – especially in the banking and financial sector – Threadfix is one reason why Denim Group has been recognized as one of the 5,000 fastest growing private companies by Inc. Magazine five years in a row.

Avatar photo

Iris Gonzalez

Iris Gonzalez writes about technology, life science and veteran affairs.