When companies scan their code for vulnerabilities, they usually end up with a long list of findings. According to the figures cited in the announcement, it takes firms an average of three months to resolve a vulnerability, and 60% of breached organizations already knew about the unpatched vulnerability that was used against them. Engineers tend to deprioritize security fixes in favor of revenue-generating work, and remediation is expensive: estimates put the cost at $400 to $4,000 per fix. Given how common and sophisticated breaches have become, that backlog is hard to justify.
A recurring complaint from security teams is that the dozens of security tools they run only notify them of problems rather than fixing anything. The alerts pile up, and the teams are left to chase them down on their own.
Meet Corgea, a new company that uses AI to automate both finding and fixing software vulnerabilities. Corgea plugs into existing security tooling to scan codebases for potential vulnerabilities, but it goes beyond detection: its main selling point is that it generates the fix itself. That frees up security staff to spend their time on strategic work instead of triage.
Integrated with existing static application security testing (SAST) tools such as Snyk or Semgrep, Corgea automatically proposes repairs for the vulnerabilities those scanners find. Security teams can submit the patch as a pull request without disrupting the existing development workflow. The code change goes to the engineers for review, together with a plain-language explanation of what was changed and why. Corgea can rewrite code and propose patches for SQL injection, path traversal, SSRF, and many other vulnerability classes. The company has published a short demonstration of these features.
How does Corgea work?
The three main steps of Corgea’s operation are as follows:
Detecting Vulnerabilities: Corgea is compatible with the most popular security scanners and continuous integration/delivery pipelines, so it can watch for newly introduced vulnerabilities as code changes. It consumes the findings of static application security testing (SAST) tools to locate issues in first-party code, and it can also work with software composition analysis (SCA) tools to pick up known flaws in the third-party libraries a codebase depends on.
Generating Fixes with the Help of AI: Corgea does not stop at finding vulnerabilities. Using its AI model, it generates candidate code fixes that aim to close the vulnerability while keeping the code working as intended. The model is trained on a large collection of code and security patches, which is what allows it to suggest fixes that are accurate for the specific finding.
Opening a Pull Request for Review: Once Corgea has a candidate fix, it opens a pull request in the code repository. Alongside the code change, the pull request describes the vulnerability and explains the reasoning behind the proposed patch. Developers then review the change and decide whether to merge it into the codebase.
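To make the three steps concrete, the following is an added example of the kind of before-and-after change a fix pull request would carry for two of the vulnerability classes named above, SQL injection and path traversal. It is illustrative code written for this page, not Corgea's own output, model, or API; the function names, the in-memory SQLite table and the temporary directory layout are all constructed for the example.

```python
import sqlite3
import tempfile
from pathlib import Path

# --- Finding 1: SQL injection via string concatenation ---------------------

def make_db():
    """Constructed sample data: an in-memory table with two users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn

def find_user_vulnerable(conn, name):
    # BEFORE: user input is spliced into the SQL text, so a value such as
    # "x' OR '1'='1" changes the query's logic and returns every row.
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def find_user_fixed(conn, name):
    # AFTER: the value is bound as a parameter; the driver keeps it as data,
    # so the same payload simply matches no user.
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()

# --- Finding 2: path traversal when serving files under a base directory ----

def read_file_vulnerable(base_dir, user_path):
    # BEFORE: ".." segments in user_path walk out of base_dir.
    return (Path(base_dir) / user_path).read_text()

def read_file_fixed(base_dir, user_path):
    # AFTER: resolve both paths and refuse anything outside base_dir.
    base = Path(base_dir).resolve()
    target = (base / user_path).resolve()
    if not target.is_relative_to(base):  # Python 3.9+
        raise ValueError("path escapes base directory")
    return target.read_text()

def demo_path_traversal():
    """Build a constructed layout: public/index.html and a sibling secret.txt.
    Returns (vulnerable_leaked_secret, fixed_rejected_request)."""
    with tempfile.TemporaryDirectory() as tmp:
        public = Path(tmp) / "public"
        public.mkdir()
        (public / "index.html").write_text("<h1>hello</h1>")
        (Path(tmp) / "secret.txt").write_text("db-password")
        leaked = read_file_vulnerable(public, "../secret.txt") == "db-password"
        try:
            read_file_fixed(public, "../secret.txt")
            rejected = False
        except ValueError:
            rejected = True
        # The hardened version still serves legitimate files.
        assert read_file_fixed(public, "index.html") == "<h1>hello</h1>"
        return leaked, rejected

if __name__ == "__main__":
    conn = make_db()
    payload = "x' OR '1'='1"
    print("vulnerable query rows:", len(find_user_vulnerable(conn, payload)))  # 2
    print("fixed query rows:", len(find_user_fixed(conn, payload)))            # 0
    print("traversal leaked, fixed rejected:", demo_path_traversal())        # (True, True)
```

The point of pairing each vulnerable function with its fixed version is that a reviewer receiving such a pull request can check two things quickly: the injection or traversal payload no longer works, and the legitimate input still does. A fix that only satisfies the first is a regression, which is why the hardened file reader above is exercised with a normal filename as well as the traversal attempt.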
Key Benefits
With Corgea, businesses can secure their products and cut fix times from months to hours without adding load on engineers. Because Corgea produces the code repair itself, the company claims engineers can save up to 80% of the time they currently spend resolving security findings, so security becomes an enabler for engineering rather than an obstacle. Against the research estimate of $400 to $4,000 per vulnerability fix, Corgea claims it can reduce that cost by as much as 80%, which for some firms would amount to at least $10 million in direct development spend. That figure does not include the cost of breaches avoided.
In Conclusion
Corgea represents a significant step forward in protecting software. It uses artificial intelligence to automate remediation work that was previously done only by people. Beyond making the security process faster and more effective, this frees up skilled staff to work on more strategic projects.
The post Meet Corgea: An AI-Powered Startup that Helps Companies Fix Vulnerable Source Codes appeared first on MarkTechPost.