Enterprise software provider OpenText Corp. today announced the launch of the second generation of its Fortify Audit Assist technology designed to enhance cybersecurity auditing in complex, multicloud environments.

Fortify Audit Assist is a solution for incorporating security at the beginning of the software development lifecycle, at code inception, for building robust, secure and reliable software systems. The service is designed to assist security teams facing increasing pressure to tackle application security with more sophisticated tools and practices.

OpenText says the updated services levels up accuracy and performance, increasing developer efficiency by reducing noise and false positives. The technology allows security teams to focus on the vulnerabilities that matter most by automating security and addressing issues using machine learning to learn from Fortify’s human auditors.

The new generation of Fortify Audit Assistant introduces new updates that enhance the service’s cybersecurity auditing capabilities. New, updated models now take a proactive approach to adapting to the constantly changing threat environment by automating the measurement and reporting processes. Doing so ensures that models are refreshed as necessary to account for any drift, with updates delivered quarterly.

The new version offers tailored learning from a company’s specific environment, addressing the unique data privacy needs that are distinct to each organization. Unlike the first generation, which used a single model for both software-as-a-service and on-premises environments, a new on-premises model pipeline is designed to learn from the unique behaviors of a company’s projects. That improves over time as it audits more vulnerabilities, all while protecting intellectual property.

The Audit Assistant has also been broadened by introducing over 30 language-specific models. The development acknowledges that no single model can effectively cover every programming language, greatly enhancing the system’s performance by offering a “team of experts” approach. Each model, dedicated to a specific programming language such as C++ or JavaScript, dives deeper into the analysis, increasing the likelihood of accurately identifying true vulnerabilities in software.

The next generation of Fortify Audit Assistant also has an improved ability to discern true positives from false positives among millions of lines of code, taking into account the context and nuances of scan results. The functionality can identify vulnerabilities that may not be exploitable, such as when the code is for testing purposes and not deployed in production. By considering the nuances, the Fortify Audit Assistant enhances the speed and efficacy of audits, streamlining the process for security teams and developers alike.

“The first generation of Fortify Audit Assistant was well ahead of its time with its use of predictive analytics and machine learning,” said Prentiss Donohue, cybersecurity executive vice president of OpenText. “Those pioneering efforts paved the way for us to derive 10 years of data from human experts and turn them into predictive models that are significantly more accurate compared to the previous generation’s models, improving efficacy in auditing by reducing false positives up to 90%.”

Photo: OpenText