In our Glog.AI solution, we focused on real exploitable security vulnerabilities in software code and very precise remediation advice based on context.
We have worked on this because, based on more than a decade of application security practice, the conclusion was that most of the tools on the market report too many potential vulnerabilities, which developers then need to analyze and fix. And, guess what, more than 80% of findings are false positives or are already taken care of at another level. This takes a lot of time, creates friction between teams, and jeopardizes delivery timelines. Reporting this to vendors has not been very fruitful.
Another challenge: the remediation advice offered by current tools is too generic. It does not give much value to the people (developers and/or architects) who need to remediate security vulnerabilities in their code.
Sounds familiar, doesn’t it?
We have felt that pain for a looooong time.
As a result of this frustration, we have worked on a solution that can triage issues, flag false positives (and discard them), and then give very precise remediation advice for real vulnerabilities, tailored to the specific vulnerability and its specific context.
We did it! We came out with Glog.AI. More details are on the website and LinkedIn page. This is a 6+ year effort so far.
Glog.AI can give very precise remediation advice for security vulnerabilities in software code based on specific context.
It is not about code only: it also involves analysis and implementation of architectural and threat model security controls, and correlation with other application security processes and tools across the entire SDLC (Software Development Lifecycle).
Our ultimate goal is: Auto-remediation of security vulnerabilities in software code!