Veracode Inc., the provider of a continuous software security platform provider, today unveiled Veracode Fix, a new AI-powered product trained on the company’s proprietary dataset that suggests fixes for flaws found in software to help developers deploy secure code.

“For far too long, organizations have had to choose between remediating software security flaws and meeting aggressive deadlines to push code into production,” said Chief Product Officer Brian Roche. “Veracode Fix makes it possible to deliver more secure software faster, at lower cost and with higher confidence.”

The software development lifecycle has become more and more compressed over time. Many developer teams find themselves so pressed for time that they often ship code more without a lot of time for testing and rely on open-source dependencies that may contain flawed code. This increased need to propose and deliver new products to market quickly often leaves security concerns on the back burner.

Veracode Fix uses a generative pretrained transformer engine, the same type of artificial intelligence model that is used by OpenAI LP’s ChatGPT chatbot, to provide automatic code suggestions on how to remediate security flaws discovered after scanning software. It has been trained using Veracode’s already existing knowledge base of more than 140 trillion lines of code and its 17 years of security research.

Traditionally, when a security flaw is discovered, a software developer needs to spend time sifting through the research on the subject and then rewrite the code manually to fix the issue. This can be a time-consuming and tedious effort, especially when spread over hundreds or thousands of flaws across an entire codebase.

Generative AI helps greatly reduce the effort in research because it can quickly generalize based on similar security flaws in code so that developers can quickly find and automatically apply the appropriate fixes. It will even work for new flaws that have not been seen before, by providing suggestions on how to fix them based on Veracode’s vast knowledge of defects and bugs.

“Fixing security flaws has traditionally been a manual effort — until now,” said Roche. “With the increase in automated attacks, it’s no longer tenable to continue to remediate flaws entirely manually. Veracode Fix paves the way to a scalable mechanism to remove vulnerabilities before attackers can exploit them.”

The platform already provides a continuous security pipeline for developers that scans their software for flaws, which allows them to detect and remediate them before and after deployment. It meets developers where they work, inside their own dev tools, and assists with all manner of security issues. With the launch of Veracode Fix developers can now move beyond “find” and work toward “find and fix” at scale, the company said.

Veracode Fix will become generally available for customers in June 2023 and will feature support for Java and C# at launch.

Images: Pixabay, Veracode