Defect Tracker Integration

A key decision for software development managers is how to prioritize fixing vulnerabilities against the need to develop new features and functionality. Security personnel are focused on vulnerabilities, but software developers are focused on defects. Many security defects are individually easy to fix but tend to occur in clusters (XSS, SQL injection, and others). Creating a defect for every vulnerability does not make sense because of the administrative cost of closing out each defect in the defect tracking system. Vulnerability Manager allows application security teams to group vulnerabilities into individual defects, so that application security personnel can communicate vulnerabilities to software developers through the tools developers already use, such as defect tracking systems. Vulnerability Manager periodically checks in with the defect tracking system to identify when developers and QA teams have closed out the defects associated with vulnerabilities. This round-trip data integration lets application security personnel track the flow of vulnerabilities through their organization and speeds the remediation process.

Currently-supported technologies include:

  • Bugzilla
  • Microsoft Team Foundation Server (TFS)
  • JIRA

Integration with new defect tracking and change management systems can easily be supported by extending the Vulnerability Manager using well-defined software interfaces.

Please note that these integrations are part of the Vulnerability Manager and are neither endorsed by nor supported by the associated defect tracking vendors at the current time.

Defect Tracker Integration Screenshot