At previous organizations, vulnerabilities from scanners (Nessus, Nexpose) and pentests were tracked in spreadsheets. Have people found other solutions that work better? I’ve been looking at a solution called ThreadFix. Any suggestions would be appreciated.
Have you looked at NetSPI (netspi.com/netspi-resolve/)? It might be in your wheelhouse. I don’t track vuln mgt super closely, but I’ve heard them come up in conversations a few times.
Thanks! I’ll have to check if they have a trial option to evaluate.
ServiceNow. The ability to write integrations to create tickets and delete tickets is a great thing to use in tracking open vulnerabilities that require remediation.
So there are ThreadFix and Code Dx as commercial offerings and OWASP Defect-Dojo as open source. ThreadFix has very good APIs and is constantly evolving, but comes at a price. Code Dx, from my perspective, was more focused on integrating SAST (Static Analysis Security Testing) tools. Defect-Dojo is another topic, but at least it is free. I am missing a complete API for Defect-Dojo.
So NET-SPI I do not know. Is this hosted in the cloud? If it is, … first problem for this kind of sensitive information, …