Companies often find multiple vulnerabilities when they scan their code, and each one can take an average of three months to resolve. This slow process frequently leads to breaches: 60% of breached businesses were aware of the unpatched vulnerability that was exploited. Besides detracting from the firm’s productivity, the process is also costly, at between $400 and $4,000 to address each vulnerability.
To address this, a new company named Corgea uses AI to automatically identify and fix software vulnerabilities. Whereas existing security tools only alert teams to issues, Corgea goes further by generating fixes with AI, freeing security personnel to concentrate on strategic projects.
Corgea integrates with existing static application security testing (SAST) tools such as Snyk and Semgrep and automatically fixes the vulnerabilities they identify. It hands the security team a pull request containing the patch, which they can submit for review without disrupting any existing processes. The proposal comes with a clear explanation of the changes and may include a rewrite of the affected code to address vulnerabilities such as SQL injection and path traversal.
Corgea operates in three main steps. First, compatibility with popular security scanners and delivery pipelines lets it detect new vulnerabilities: SAST tools identify security issues in the code, and software composition analysis (SCA) tools identify flaws in third-party libraries.
Second, Corgea’s AI generates candidate fixes that aim to eliminate the vulnerability while preserving the code’s functionality. The model, trained on a large collection of code and security patches, is intended to produce highly accurate fix suggestions.
Third, Corgea opens pull requests in the code repository for the proposed fixes. Engineers can review each suggestion, which includes a detailed explanation of the vulnerability and the reasoning behind the recommended patch, and decide whether the change is suitable for their codebase.
With Corgea, businesses can secure their products and reduce fix times to just a few hours without overwhelming their engineers. Corgea can save engineers up to 80% of the time normally spent resolving security issues, and it reduces the cost of fixing a single vulnerability by up to 80%. This can amount to significant savings, potentially at least $10 million in direct development costs, excluding the savings from breaches avoided.
Corgea represents a notable step forward in software protection, using artificial intelligence to automate security tasks that were previously carried out by hand. This both improves security processes and frees up scarce human resources for more strategic work.