The target audience for Denim Group's ThreadFix, an open-source software vulnerability management tool, is mainly mid-size companies unable to afford the half a million it typically costs for a full testing suite. The company says that ThreadFix gives enterprise developers the ability to review a single comprehensive security profile of their applications. Furthermore, ThreadFix can operate while software development is under way, and it creates Web application firewall virtual patches, which protect the applications during remediation. By using tools the developers already know and love, the security team can work with the development team in the language they speak. At the same time, the security team has a platform to manage the resolution process that is, says Denim Group, light-years better than the Excel spreadsheets typically used for this effort.
http://denimgroup.com