OpenText Takes Code Security to the Next Level with Innovative use of Machine Learning
Security by design is a proactive approach to the ever-changing threat landscape - learn more at the inaugural OpenText Security Summit 2024 on February 6
Waterloo, ON – 2024-02-05 –
OpenText™ (NASDAQ: OTEX), (TSX: OTEX), today announced the second generation of its advanced cybersecurity auditing technology debuting at the inaugural OpenText Security Summit 2024 on February 6. Today’s developers are dealing with more complexity and threats in multi-cloud environments. Security teams feel increasing pressure to tackle application security with more sophisticated tools and practices. Fortify Audit Assistant is OpenText’s solution for incorporating security at the very beginning of the software development lifecycle—at code inception—and building robust, secure, and reliable software systems.
Fortify Audit Assistant levels up the accuracy and performance, increasing developer efficiency by reducing noise and false positives. In doing so, security teams can focus on the vulnerabilities that matter most. Triaging and validating raw static analysis results is one of the most time-intensive, manual processes within application security testing. Companies can’t afford to hire a team of human examiner experts in software engineering, computer science, and software vulnerabilities. Fortify Audit Assistant was created to automate security and address these issues by utilizing machine learning to learn from Fortify’s human auditors.
“The first generation of Fortify Audit Assistant was well ahead of its time with its use of predictive analytics and machine learning,” said Prentiss Donohue, Cybersecurity Executive Vice President. “Those pioneering efforts paved the way for us to derive 10 years of data from human experts and turn them into predictive models that are significantly more accurate compared to the previous generation’s models, improving efficacy in auditing by reducing false positives up to 90%. Enterprises can now leverage this depth of information—something no one else in the industry can provide—within their own software assurance programs.”
Major updates to the next generation of Fortify Audit Assistant include:
- Account for model drift. The new Audit Assistant models take a proactive approach to the ever-changing threat environment by automating the processes that measure and report how models are doing and refresh them as necessary to address any model drift. Updated models will be delivered each quarter.
- Flexibility to learn from a company’s unique environment. The next generation Audit Assistant addresses the unique data privacy needs of each company. In generation one, a single model was used for both SaaS and on-prem environments. The new Audit Assistant on-prem model pipeline was designed to learn the unique behaviors of a company’s projects. This learning gets better and better over time as more vulnerabilities are audited, the models continually learn what’s appropriate for a company’s project—all while remaining sensitive to its IP.
- Expansive model expertise via language specification. No single model can effectively cover every programming language. To provide greater insight and expertise into vulnerabilities in both on-prem and cloud environments, the next generation of Fortify Audit Assistant now includes 30+ language-specific models. Having a single model for C++, another model for JavaScript, etc. greatly improves model performance by enabling a “team of experts” (AKA the models) to go narrower and deeper thus increasing the likelihood of finding the true vulnerabilities in software.
- Additional data and context. Fortify Audit Assistant scans and identifies true positive or false positive amongst millions of lines of code. Sometimes a scan result is a vulnerability, but might not be exploitable because the code in question is test code, not code that is deployed. In this next generation, Fortify Audit Assistant considers the nuances of scan results. In doing so, speed and efficacy of audits are greatly improved.
For a complete list of new features and functionalities in the next generation of Fortify Audit Assistant, visit this whitepaper and blog.
Attendees of the OpenText Security Summit will be shown a demo of Fortify Audit Assistant; the demo will also be available for replay. Additional summit demonstrations to include Voltage Fusion + Content Services, a unique integration that solves the challenges of managing sensitive data, and NetIQ Identity Manager in the OpenText Private Cloud, a compliance offering that extends across hybrid environments.
About OpenText Cybersecurity
OpenText Cybersecurity provides comprehensive security solutions for companies and partners of all sizes. From prevention, detection and response to recovery, investigation and compliance, our unified/end-to-end platform helps customers build cyber resilience via a holistic security portfolio. Powered by actionable insights from our real-time and contextual threat intelligence, OpenText Cybersecurity customers benefit from high efficacy products, a compliant experience and simplified security to help manage business risk.
About OpenText
OpenText, The Information Company™, enables organizations to gain insight through market leading information management solutions, powered by OpenText Cloud Editions. For more information about OpenText (NASDAQ: OTEX, TSX: OTEX) visit opentext.com.
Connect with us:
OpenText CEO Mark Barrenechea’s blog
Certain statements in this press release may contain words considered forward-looking statements or information under applicable securities laws. These statements are based on OpenText's current expectations, estimates, forecasts and projections about the operating environment, economies, and markets in which the company operates. These statements are subject to important assumptions, risks and uncertainties that are difficult to predict, and the actual outcome may be materially different. OpenText's assumptions, although considered reasonable by the company at the date of this press release, may prove to be inaccurate and consequently its actual results could differ materially from the expectations set out herein. For additional information with respect to risks and other factors which could occur, see OpenText's Annual Report on Form 10-K, Quarterly Reports on Form 10-Q and other securities filings with the SEC and other securities regulators. Unless otherwise required by applicable securities laws, OpenText disclaims any intention or obligation to update or revise any forward-looking statements, whether as a result of new information, future events, or otherwise.
Copyright © 2024 OpenText. All Rights Reserved. Trademarks owned by OpenText. One or more patents may cover this product(s). For more information, please visit https://www.opentext.com/patents. Third-party products mentioned are owned by the respective third-party and/or its affiliates.