Software Security Remediation: We Need to Actually Fix Some Vulnerabilities

There is a lot of focus in the security industry on finding vulnerabilities, so you see a lot of material out there about penetration testing, fuzzing, static analysis and so on. That is all well and good, but with so much focus placed on finding vulnerabilities, many organizations forget that they also need to actually fix them. We do a lot of software security remediation work at Denim Group, and we are starting to make more of the lessons we’ve learned publicly available to make it easier for organizations to fix the vulnerabilities they find in their software. This is the first in a series of blog posts about a framework we’ve created for software security remediation projects. You can find more in-depth information in the HOWTO Guide we put together on the subject.

You can read the full HOWTO Guide for Software Security Vulnerability Remediation here:

As we have posted previously, there is data out there you can use in planning your remediation strategy. We are hoping that if organizations have a structure for their remediation projects, as well as data-backed estimates for the level of effort involved, it will be easier to secure budget for these important initiatives. We’ll be following up with more in-depth information on the different steps in the remediation process, as well as some tips on practices we have found to be successful.

Contact us for help building your organization’s software security remediation strategy.


About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.