OpenText has unveiled the second generation of its advanced application security auditing tool, Fortify Audit Assistant. This announcement was made in anticipation of the inaugural OpenText Security Summit 2024 scheduled for February 6. 

The technology is designed to meet the challenges faced by today’s developers, who are navigating an increasingly complex threat landscape in multi-cloud environments. OpenText’s initiative underscores the growing need for sophisticated tools and practices in application security, responding to the pressures security teams face in ensuring software integrity and reliability from the outset.

Major updates to Fortify Audit Assistant include the ability to account for model drift, flexibility to learn from a company’s unique environment, expansive model expertise via language specification, and the ability to consider the nuances of scan results. 

The new iteration of Fortify Audit Assistant minimizes the incidence of false positives and irrelevant alerts. The tool also aims to streamline developers’ work, enabling them to concentrate on addressing the most critical vulnerabilities. The refined auditing process is a direct response to the demands for more efficient application security testing, which has traditionally been bogged down by the time-consuming and manual triaging of static analysis results, according to OpenText.

The new generation of Fortify Audit Assistant is designed to integrate security considerations at the earliest stages of the software development lifecycle, starting from code inception. This approach helps with building software systems that are not only robust and reliable but also inherently secure. By embedding security measures from the beginning, OpenText aims to mitigate risks and enhance the overall resilience of software products against emerging threats.

The tool leverages machine learning technology to automate the security auditing process, learning from the expertise of Fortify’s human auditors. This application of AI is a strategic move to address the gap in available expertise for manual examination, which is both resource-intensive and impractical for many organizations. By automating the analysis of software vulnerabilities, Fortify Audit Assistant promises to significantly reduce the overhead associated with hiring teams of experts in software engineering, computer science, and cybersecurity, the company explained.

“The first generation of Fortify Audit Assistant was well ahead of its time with its use of predictive analytics and machine learning,” said Prentiss Donohue, cybersecurity executive vice president at OpenText. “Those pioneering efforts paved the way for us to derive 10 years of data from human experts and turn them into predictive models that are significantly more accurate compared to the previous generation’s models, improving efficacy in auditing by reducing false positives up to 90%. Enterprises can now leverage this depth of information—something no one else in the industry can provide—within their own software assurance programs.”