Next-gen Fortify Audit Assistant by OpenText empowers AppSec audit accuracy and performance
OpenText, The Information Company, is debuting the next iteration of Fortify Audit Assistant, an AppSec solution designed to integrate security at the beginning of the software development lifecycle—code inception. Backed by the success of the solution’s first generation, the latest Fortify Audit Assistant offers enhancements in prediction accuracy, an expanded model set, and more.
Fortify Audit Assistant is the result of OpenText’s investment in machine learning (ML) and AI for the purpose of securing applications, according to Dylan Thomas, senior director for Fortify engineering and product at OpenText Cybersecurity.
“The popularity of Fortify Audit Assistant combined with the continued need for DevSecOps teams to achieve accurate static application security testing (SAST) made this a clear focus for us,” said Thomas. “Working closely with our design partners, we were able to elevate performance, accuracy, and breadth with the second generation of Audit Assistant.”
OpenText’s AppSec solution targets the growing burden placed on security teams to ensure that application security is as robust as it is reliable. Application security testing—often involving tedious, time-intensive, manual processes—is left on the plate of security teams whose expertise is better suited elsewhere, according to OpenText.
With the second-gen Fortify Audit Assistant, security teams and developers alike are afforded peace of mind when tackling application security. The solution enables these teams to simultaneously minimize false negatives as well as false positives, allowing them to benefit from the Audit Assistant’s improved performance, accuracy, and overall breadth at the code level.
The latest updates in this iteration of Fortify Audit Assistant include accounting for model drift: the assistant automates model measuring and reporting, taking a proactive approach to threats.
“A common and dangerous assumption with the use of any machine learning implementation is that you can simply ‘set and forget.’ Many factors can influence model drift and it’s particularly important to account for with our use case of auditing SAST results,” explained Thomas. “Not only is there continual evolution of the threat landscape and programming languages themselves, but we’re also continually expanding our own coverage and improving accuracy. Our commitment to a steady cadence of quarterly model updates helps ensure our users focus on what matters—delivering value to their organizations with secure code.”
Fortify Audit Assistant also features an on-prem model pipeline which understands the unique behaviors of an enterprise’s environment. With this newfound agility, security teams benefit from a solution that continuously improves as it audits, aligning itself to the nature of a company’s project.
The next generation of Audit Assistant now includes 30-plus language-specific models, improving model performance through its wider coverage of programming languages. Fortify Audit Assistant also considers the context of the code, scanning and identifying true positives or false positives among millions of lines of code for enhanced audit accuracy.
“Our design partners are particularly excited about the adaptive learning capabilities that enable Fortify Audit Assistant to automatically incorporate and prioritize their own training data. When it comes to effectively interpreting and gaining value from SAST results, context matters,” noted Thomas.
To learn more about OpenText’s Fortify Audit Assistant, please visit https://www.opentext.com/.