Vulnerability Manager v20100115 in the wild

Denim Group’s Vulnerability Manager allows security teams to import and consolidate application-level vulnerabilities, automatically generate virtual patches, monitor attack attempts, communicate with defect tracking systems, and evaluate team maturity. Because this is done in a centralized system, application security managers have greatly increased visibility into and control of these processes, and they are collecting data that can be used to support sophisticated conversations with their managers and executives.

I just finished testing VM (with Netsparker, Orizon, and Findbugs). It is just AWESOME !!!

Vulnerability Manager supports automatic and manually-assisted merging of vulnerabilities so that static and dynamic results can be correlated. Well-defined software interfaces allow for organizations to easily create import capabilities for new tools as long as the results are available in a structured format. Basic importers can be created in just a few hours of coding and these importers can be incrementally improved over time.


  • IBM Rational AppScan Source Edition (formerly Ounce Labs)
  • Fortify SCA/360 (unreleased)
  • Checkmarx
  • Microsoft CAT.NET
  • IBM Rational AppScan
  • WhiteHat Sentinel
  • Mavituna Netsparker


  • OWASP Orizon
  • FindBugs

Vulnerability importers for new technologies can easily be supported by extending the Vulnerability Manager using well-defined software interfaces.

Global features of VM

  • Application Portfolio Management
  • Vulnerability import
  • Real Time Protection (Virtual Patching)
  • Attack tracking
  • Defect tracking
  • Maturity tracking

Post scriptum

Compliance Mandates

  • Vulnerability Management :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2


Related Articles

Vulnerability Management
Vulnerability Manager