OpenText has introduced the second generation of its advanced application security auditing tool, Fortify Audit Assistant. The announcement comes ahead of the inaugural OpenText Security Summit 2024, scheduled for February 6.
The technology is designed to address the challenges facing today’s developers, who are navigating an increasingly complex threat landscape in multi-cloud environments. OpenText’s initiative highlights the growing need for sophisticated tools and practices in application security, responding to the pressures security teams face to ensure the integrity and reliability of software from the outset.
Major updates to Fortify Audit Assistant include the ability to account for model drift, the flexibility to learn from a company’s unique environment, expansive model expertise through language specification, and the ability to consider the nuances of scan results.
The new iteration of Fortify Audit Assistant reduces the frequency of false positives and irrelevant alerts. The tool also aims to simplify the work of developers, allowing them to concentrate on solving the most critical vulnerabilities. The streamlined audit process is a direct response to demands for more efficient application security testing, which has traditionally been bogged down by time-consuming and manual triage of static analysis results, according to OpenText.
The new generation of Fortify Audit Assistant is designed to integrate security considerations at the earliest stages of the software development life cycle, starting with code inception. This approach helps build software systems that are not only robust and reliable, but also inherently secure. By building in security measures from the start, OpenText aims to mitigate risks and improve the overall resilience of software products to emerging threats.
The tool uses machine learning technology to automate the security audit process, learning from the expertise of Fortify’s human auditors. This application of artificial intelligence is a strategic move to address the gap in available expertise for manual testing, which is demanding and impractical for many organizations. By automating software vulnerability analysis, Fortify Audit Assistant promises to significantly reduce the overhead associated with employing teams of software engineering, computer science and cybersecurity experts, the company explained.
“The first generation of Fortify Audit Assistant was way ahead of its time with its use of predictive analytics and machine learning,” said Prentiss Donohue, executive vice president of cybersecurity at OpenText. “These pioneering efforts paved the way for us to take 10 years of data from human experts and turn it into predictive models that are significantly more accurate compared to previous generation models, improving audit efficiency by reducing false positives by up to 90%. Enterprises can now leverage this depth of information—something no one else in the industry can provide—within their own software assurance programs.”