Security by design is a proactive approach to the
ever-changing threat landscape – learn more at the inaugural
OpenText Security Summit 2024 on February
6
WATERLOO, ON, Feb. 5, 2024
/CNW/ -- OpenText™ (NASDAQ: OTEX), (TSX: OTEX), today
announced the second generation of its advanced cybersecurity
auditing technology debuting at the inaugural OpenText
Security Summit 2024 on February 6.
Today's developers are dealing with more complexity and threats in
multi-cloud environments. Security teams feel increasing pressure
to tackle application security with more sophisticated tools and
practices. Fortify Audit Assistant is OpenText's solution for
incorporating security at the very beginning of the software
development lifecycle—at code inception—and building robust,
secure, and reliable software systems.
Fortify Audit Assistant levels up the accuracy and performance,
increasing developer efficiency by reducing noise and false
positives. In doing so, security teams can focus on the
vulnerabilities that matter most. Triaging and validating raw
static analysis results is one of the most time-intensive, manual
processes within application security testing. Companies can't
afford to hire a team of human examiner experts in software
engineering, computer science, and software vulnerabilities.
Fortify Audit Assistant was created to automate security and
address these issues by utilizing machine learning to learn from
Fortify's human auditors.
"The first generation of Fortify Audit Assistant was well ahead
of its time with its use of predictive analytics and machine
learning," said Prentiss Donohue,
Cybersecurity Executive Vice President. "Those pioneering efforts
paved the way for us to derive 10 years of data from human experts
and turn them into predictive models that are significantly more
accurate compared to the previous generation's models, improving
efficacy in auditing by reducing false positives up to 90%.
Enterprises can now leverage this depth of information—something no
one else in the industry can provide—within their own software
assurance programs."
Major updates to the next generation of Fortify Audit Assistant
include:
- Account for model drift. The new Audit Assistant models
take a proactive approach to the ever-changing threat environment
by automating the processes that measure and report how models are
doing and refresh them as necessary to address any model drift.
Updated models will be delivered each quarter.
- Flexibility to learn from a company's unique
environment. The next generation Audit Assistant addresses the
unique data privacy needs of each company. In generation one, a
single model was used for both SaaS and on-prem environments. The
new Audit Assistant on-prem model pipeline was designed to learn
the unique behaviors of a company's projects. This learning gets
better and better over time as more vulnerabilities are audited,
the models continually learn what's appropriate for a company's
project—all while remaining sensitive to its IP.
- Expansive model expertise via language specification. No
single model can effectively cover every programming language. To
provide greater insight and expertise into vulnerabilities in both
on-prem and cloud environments, the next generation of Fortify
Audit Assistant now includes 30+ language-specific models. Having a
single model for C++, another model for JavaScript, etc. greatly
improves model performance by enabling a "team of experts" (AKA the
models) to go narrower and deeper thus increasing the likelihood of
finding the true vulnerabilities in software.
- Additional data and context. Fortify Audit Assistant
scans and identifies true positive or false positive amongst
millions of lines of code. Sometimes a scan result is a
vulnerability, but might not be exploitable because the code in
question is test code, not code that is deployed. In this next
generation, Fortify Audit Assistant considers the nuances of scan
results. In doing so, speed and efficacy of audits are greatly
improved.
For a complete list of new features and functionalities in the
next generation of Fortify Audit Assistant, visit this
whitepaper and blog.
Attendees of the OpenText Security Summit will be shown a demo
of Fortify Audit Assistant; the demo will also be available for
replay. Additional summit demonstrations to include Voltage Fusion
+ Content Services, a unique integration that solves the challenges
of managing sensitive data, and NetIQ Identity Manager in the
OpenText Private Cloud, a compliance offering that extends across
hybrid environments.
About OpenText Cybersecurity
OpenText Cybersecurity
provides comprehensive security solutions for companies and
partners of all sizes. From prevention, detection and response to
recovery, investigation and compliance, our unified/end-to-end
platform helps customers build cyber resilience via a holistic
security portfolio. Powered by actionable insights from our
real-time and contextual threat intelligence, OpenText
Cybersecurity customers benefit from high efficacy products, a
compliant experience and simplified security to help manage
business risk.
About OpenText
OpenText, The Information Company™,
enables organizations to gain insight through market leading
information management solutions, powered by OpenText Cloud
Editions. For more information about OpenText (NASDAQ: OTEX, TSX:
OTEX) visit opentext.com.
Connect with us:
OpenText CEO Mark Barrenechea's blog
Twitter | LinkedIn
Certain statements in this press release may contain words
considered forward-looking statements or information under
applicable securities laws. These statements are based on
OpenText's current expectations, estimates, forecasts and
projections about the operating environment, economies, and markets
in which the company operates. These statements are subject to
important assumptions, risks and uncertainties that are difficult
to predict, and the actual outcome may be materially different.
OpenText's assumptions, although considered reasonable by the
company at the date of this press release, may prove to be
inaccurate and consequently its actual results could differ
materially from the expectations set out herein. For additional
information with respect to risks and other factors which could
occur, see OpenText's Annual Report on Form 10-K, Quarterly Reports
on Form 10-Q and other securities filings with the SEC and other
securities regulators. Unless otherwise required by applicable
securities laws, OpenText disclaims any intention or obligation to
update or revise any forward-looking statements, whether as a
result of new information, future events, or otherwise.
Copyright © 2024 OpenText. All Rights Reserved. Trademarks owned by
OpenText. One or more patents may cover this product(s). For more
information, please visit https://www.opentext.com/patents.
Third-party products mentioned are owned by the respective
third-party and/or its affiliates.
OTEX-G
View original content to download
multimedia:https://www.prnewswire.com/news-releases/opentext-takes-code-security-to-the-next-level-with-innovative-use-of-machine-learning-302052687.html
SOURCE Open Text Corporation