ThreadFix is an open source software vulnerability aggregation and management system that allows software security teams to reduce the time it takes to fix software vulnerabilities. ThreadFix imports the results from dynamic, static and manual testing to provide a centralized view of software security defects across development teams and projects. The system allows companies to correlate testing results and streamline software remediation efforts by simplifying feeds to software issue trackers. By auto generating web application firewall rules, this system also allows companies to protect vulnerable applications while remediation activities occur. ThreadFix empowers managers with vulnerability trending reports that demonstrate software security progress over time.