Vulnerability Management - Tracking beyond spreadsheets

At previous organizations, vulnerabilities from scanners (nessus, nexpose) and pentests were tracked in spreadsheets. Have people found other solutions that work better? I’ve been looking at a solution called ThreadFix. Any suggestions would be appreciated.

Have you looked at NetSPI ( might be in your wheel house. I don’t track vuln mgt super close but I’ve heard them come up in conversations a few times.

1 Like

Thanks! I’ll have to check if they have a trial options to evaluate.

ServiceNOW, the ability to write integrations to create tickets and deleted tickets is a great thing to use in tracking open vulnerabilities that require remediation.

So there is ThreadFix and Code Dx as commercial offering and OWASP Defect-Dojo as open source. ThreadFix has very good API’s and is constantly evolving but comes at a price. Code Dx from my perspective was more focused on integrating SAST Static Analysis Security Testing tools. Defect-Dojo is another topic, but at least it is freee. I am missing a complete API for Defect-Dojo.
So NET-SPI I do not know, is this hosted in the cloud? If it is, … first problem for this kind of sensitive information, …

1 Like