Denim Group: Weaving Security into Software Development

As the market witnesses a growing imperative to build software more quickly, John Dickson, Principal, Denim Group remarks, “DevOps, IT departments and, by extension, security teams are being stretched to the breaking point to support expedited software development and delivery.” This often results in application vulnerabilities being introduced due to rushed deadlines or ignored best practices in application development and design. Organizations are constantly battling to build revenue-generating software quickly while making sure all efforts have been exhausted to ensure its safe deployment and sustainability. Denim Group has played a significant role in solving this predicament ever since its inception in 2003. “Following the mantra of “building a world where technology is trusted,” we empower clients to build software in a faster and secure manner,” Dickson adds.

Denim Group’s chronicle can be traced back to the pioneering effort of the three Principals—Dan Cornell, Sheridan Chambers, and John Dickson. While Cornell and Chambers came from classic software development backgrounds where they built large-scale custom software systems for enterprise clients primarily in Java and .NET, Dickson, an ex-Air Force officer worked in the early version of the Air Force Computer Emergency response team (AFCERT). When the team identified that the intersection of the two areas—development and security—would be a hot area in the future, they dedicated their individual competencies to solving the discrepancies that prevailed in client application security outcomes and ultimately, software vulnerability remediation.

The company’s vulnerability management platform, ThreadFix is architected to facilitate stronger communication between security and development teams as well as executives. The platform identifies vulnerabilities in applications quickly and early ensuring an immediate fix during the development process where cost savings can be best realized.

ThreadFix connects leading application vulnerability scanners to risk management and compliance (GRC) tools like RSA Security’s Archer. Archer enables software development and security teams to communicate software risks to executives. By syncing with these tools, application security is placed in front of security operators and risk management decision makers for inclusion, analysis, and comparison with all other risk information.