OpenText Fortify Audit Assistant: Greater Accuracy, Expanded Coverage, and Optimized Vulnerability Detection

OpenText is launching the second generation of its cybersecurity audit technology, to be showcased today at the inaugural OpenText Security Summit 2024. In a context where IT security teams face increasing pressure to strengthen application security, OpenText is enriching the second version of its audit tool. The new version of Fortify Audit Assistant leverages a next-generation static analysis engine that features greater accuracy, broader programming language coverage, and detection of more vulnerabilities.

This solution is designed to integrate security practices from the initial software development phase. This allows you to develop applications that are not only robust and reliable, but also secure by design. By automating and refining security analysis, Fortify Audit Assistant helps you identify and remediate vulnerabilities more effectively, contributing to a better overall security posture.

Today’s developers face greater complexity and more threats in multi-cloud environments with a multitude of programming languages, frameworks, and libraries. This proliferation, combined with evolving security threats, presents a challenge for security teams that are often undersized and under-resourced.

Integrate security from code creation

In this context, developers must find a balance between development speed and application security. In turn, security teams must find ways to automate repetitive tasks and focus on the most important issues. Fortify Audit Assistant helps you integrate security early in the software development lifecycle (from code creation) and build robust, secure, and reliable software systems.

Fortify Audit Assistant improves accuracy and performance by reducing noise and false positives. Security teams can therefore focus on the most impactful vulnerabilities. Sorting and validating raw static analysis results is one of the most tedious manual processes in application security testing. Fortify Audit Assistant is designed to automate security and resolve these issues using machine learning.

The next generation of Fortify Audit Assistant introduces important innovations to improve application security. It adapts its models, through quarterly updates, to combat deviations due to evolving threats. The new models take a proactive approach to the changing threat environment, automating processes that measure and report the health of the models and update them as necessary to remediate any model drift.

Improving audit relevance through continuous learning

Fortify Audit Assistant also offers greater customization to understand the specifics of each company in order to improve the relevance of the audit over time. In the first generation, a single model was used for SaaS and on-premises environments. The new Onsite Audit Assistant pipeline is designed to learn how a company’s projects unfold. This learning improves over time as vulnerabilities are audited. Models continually learn, respecting intellectual property.

To provide greater insight into vulnerabilities in on-premises and cloud environments, the next generation of Fortify Audit Assistant now includes more than 30 language-specific templates. This specialization of models by language increases accuracy in detecting vulnerabilities. Additionally, it refines the distinction between true positives and false positives, taking into account the context of code use, to improve audit efficiency. For example, a scan may report a vulnerability that is not necessarily exploitable because the code in question is test code and not deployed code. The next-generation Fortify Audit Assistant takes such nuances of analysis results into account.
