Press Release

Coalfire Acquires Denim Group to Transform DevSecOps Programs

June 1, 2021

Becoming #1 application security provider supporting top cloud service providers

WESTMINSTER, Colo, June 1, 2021 – Coalfire today announced the acquisition of Denim Group, a recognized leader in application security, to advance Coalfire’s commitment to bring simplicity and scale to AppSec risk programs through automation. With the acquisition, Coalfire will transform modern application development in a way that optimizes scarce DevSecOps resources and accelerates time to market. Terms of the deal were not disclosed.

Denim Group, a privately held company headquartered in San Antonio, Texas, offers advanced application security solutions leveraging its market-leading application security orchestration and correlation platform (ASOC) platform, ThreadFix, with consulting services.

“Agile development methods are rapidly changing time to market expectations and increasing frequency of release cycles, yet clients are challenged by how to rationalize the volume of application and cloud vulnerabilities generated from disparate testing tools,” said Coalfire Chief Operating Officer Mark Carney. “Our approach leverages advanced consulting services combined with the ThreadFix platform to ensure vulnerabilities are managed and prioritized efficiently, reducing time to remediation by 40 percent.”

The combined firms now serve over 1,800 clients, including the top five cloud service providers, half of the largest U.S. banks, leading government agencies, and the largest healthcare companies. Collectively, the teams will proactively identify over 4.2 million vulnerabilities each year through services that span the entire software development lifecycle, including:

  • Secure Software Development Lifecyle workshops
  • Application threat modeling
  • Application architecture reviews
  • Dynamic application security testing (DAST)
  • Static application security testing (SAST)
  • AppSec training

The power of Denim Group’s ThreadFix, and recently acquired Neuralys Attack Surface Management platform, signifies Coalfire’s commitment to delivering a risk-based and holistic threat and vulnerability management solution for discovery, rationalization, prioritization, and tracking of all vulnerabilities across an enterprise.

“Together, our combined teams represent one of the largest, most advanced, and industry-recognized cloud and application security solution providers,” said John Dickson, Principal, Denim Group. “We are committed to continuing to invest in and optimize the ThreadFix platform while supporting and expanding our ecosystem of partners. It’s even more meaningful for our teams to join forces the same year that both our companies celebrate 20 years of dedication to making technology more secure.” Kirkland & Ellis served as legal counsel to Coalfire and EY assisted with accounting and financial due diligence. GrowthPoint served as exclusive financial advisor to Denim Group.


About Coalfire

Leading cloud infrastructure providers, SaaS providers, and enterprises turn to Coalfire for help solving their toughest cybersecurity problems. Through the combination of extensive cloud expertise, technology, and innovative and holistic approaches, Coalfire empowers clients to achieve their business objectives, use security and compliance to their advantage, and fuel their continued success. Coalfire has been a cybersecurity thought leader for 20 years and has offices throughout the United States and Europe. For more information, visit

About Denim Group

Denim Group is the leading independent application security firm, serving as a trusted advisor to customers on matters of application risk and security. The company helps organizations assess and mitigate application security risk. Denim Group’s flagship ThreadFix platform accelerates the process of application vulnerability remediation, reflecting the company’s rich understanding of what it takes to fix application vulnerabilities faster.


For media inquiries:
Mike Gallo
(212) 239-8594