• Fortify Audit Assist provides a solution for integrating security at the outset of the software development lifecycle, during code inception.
  • According to OpenText, the enhanced services enhance accuracy and performance, boosting developer efficiency through noise reduction and minimizing false positives.

OpenText Corp., an enterprise software provider, has recently introduced the second generation of its Fortify Audit Assist technology. This advancement is tailored to improve cybersecurity auditing, particularly in intricate, multicloud environments.

Fortify Audit Assist serves as a solution to integrate security into the initial stages of the software development lifecycle right from the inception of code. Its purpose is to facilitate the creation of robust, secure, and dependable software systems. This service is specifically crafted to aid security teams in coping with rising challenges in addressing application security through advanced tools and practices.

According to OpenText, the enhanced services elevate precision and performance, boosting developer efficiency through noise reduction and minimizing false positives. This technology enables security teams to concentrate on the most significant vulnerabilities by automating security measures and leveraging machine learning insights derived from Fortify’s human auditors.

Fortify Audit Assistant’s latest iteration brings improvements to its cybersecurity auditing capabilities. Enhanced and updated models now proactively adjust to the dynamic threat landscape by automating measurement and reporting processes. This approach ensures timely model refreshments to accommodate any changes, with quarterly updates being delivered.

The updated version provides customized learning based on a company’s environment, catering to the distinct data privacy requirements of each organization. In contrast to the initial generation, which employed a single model for both software-as-a-service and on-premises setups, the new on-premises model pipeline is crafted to assimilate insights from a company’s specific projects. This continuous learning process improves over time as it audits more vulnerabilities, all while safeguarding intellectual property.

The Audit Assistant has been expanded to include more than 30 language-specific models. Recognizing that a singular model cannot comprehensively cover every programming language, this enhancement significantly improves the system’s performance by adopting a “team of experts” approach. Each dedicated model focuses on a specific programming language, such as C or JavaScript, conducting in-depth analyses to enhance the accuracy of identifying true vulnerabilities in software.

The enhanced version of Fortify Audit Assistant distinguishes genuine positives from false positives within extensive lines of code, considering the context and subtleties of scan results. This functionality can pinpoint vulnerabilities that may not be exploitable, such as when the code is designated for testing purposes and not deployed in production. By factoring in these nuances, Fortify Audit Assistant boosts the speed and effectiveness of audits, simplifying the process for both security teams and developers.

Cybersecurity Executive Vice President of OpenTex, Prentiss Donohue, said, “The first generation of Fortify Audit Assistant was well ahead of its time with its use of predictive analytics and machine learning. Those pioneering efforts paved the way for us to derive 10 years of data from human experts and turn them into predictive models that are significantly more accurate compared to the previous generation’s models, improving efficacy in auditing by reducing false positives up to 90%.”