There’s a lot of quiet confidence around (pun not intended and apologized for) if you listen to the Qwiet AI team.

The impact has been remarkable both in terms of speed (12x faster than legacy tools) and accuracy (80% fewer false positives), freeing engineers, DevOps and security teams from the 'time suck' of chasing vulnerabilities that are either unreachable or false positives.”

“By combining our original technology's data and visibility with over six years and 78 billion lines of analyzed code, we've created an application security tool with a custom AI engine that naturally takes advantage of the visibility and insight provided by our patented CPG-based scanning methodology. This has been a ‘fundamental unlock’ for the industry and for us as a company,” said CEO McClure, who was previously both a coder and a technical writer.

“The true breakthrough came with the recent advancements in AI, driven by sophistication in models, enhanced computing power and a growing pool of talent. The patented method of extracting information flows over CPG approaches code and software analysis differently, offering more comprehensive data flow analysis and critical context than other existing tools - allowing users to see not only vulnerabilities in the code, but also insight into whether it's reachable and exploitable by a bad actor.

The company itself was founded around a technology known as a code property graph (CPG) that provides unparalleled visibility into scanning code. Previously known as ShiftLeft, Qwiet AI changed its name this year in line with the fact that shifting left has now become a de facto action and a defined piece of terminology (jargon if you wish) in the global technology lexicon.

McClure and team suggest that these tools produce ‘noisy’ results that disrupt the development process (we get it guys, you called the company Qwiet AI) without significantly enhancing application security.
However, many argue that the challenge lies in the fact that the promise has often outpaced the technology, resulting in many AppSec tools lacking accuracy and speed. This concept of ‘shifting left’ (assuming we write from left to right) is the software industry’s term to describe firms that strategically move towards bringing security earlier into the development process.