Introducing Triage Assistant

Reduce your triage times by thousands of hours through the power of Machine Learning.

The time problem in AppSec triage

Every AppSec professional knows that triage—the process of sifting through AppSec test results to flag the vulnerabilities that matter—takes way too long. AppSec testing tools produce thousands of findings, but two-thirds of them are just noise.

According to the NIST SATE V report, 66% of all findings are noise.

That means two-thirds of the time spent on triage is wasted effort. How much time is wasted?
  • On average, reviewing one finding takes 10 minutes.
  • On average, one round of testing produces 10,000 results.

That’s 100,000 minutes—1,666 hours—208 full business days.

Of those 208 work days, 137 are spent on false positive or irrelevant findings. In other words, that’s six labor months of wasted time, effort, and money.

Triage Assistant was created to solve this problem. The Code Dx platform was built to simplify and automate AppSec workflows in each stage of the SDLC, and Triage Assistant is part of that. This technology makes it possible for you to grow your DevOps program at scale, without the AppSec bottleneck.

Triage Assistant is customized for each individual organization

Triage Assistant uses machine learning to “learn” over time which findings matter to your organization—and which don’t—based on triage decisions for similar findings. This machine learning technology creates a unique profile for each organization.

There is no one-size-fits-all solution to AppSec triage. The vulnerabilities that matter the most to a bank aren’t identical to those that matter to a car manufacturer. One organization may need to follow a set of compliance standards that another doesn’t. The only way to automate this is for each organization to have a customized Triage Assistant—which is exactly what Code Dx is offering.

How it Works

  • You have several applications that are scanned through your AppSec testing tools.
  • The results are sent to an analyst for review, who flags some findings as important and others as irrelevant.
  • The information about the findings and the triage decisions is sent to Code Dx’s Triage Assistant engine.
  • Machine learning is then used to automatically recommend which findings to escalate, and which you will likely ignore. These predictions are tailored to your organization, across all your tools and applications. All this is done within your firewall; no sensitive data is exposed.
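As an added illustration of the workflow above (not Code Dx’s implementation, whose model and feature set the page does not describe), here is a minimal recommender trained only on an organization’s own past triage decisions, which then predicts whether a new finding should be escalated or ignored. The tool names, rule names, file paths and decisions are constructed sample data, and the choice of features and of a naive Bayes model are assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample of past triage decisions (not real scanner output): a finding as
# the tools would report it, plus the analyst's decision on it.
PAST_DECISIONS = [
    ({"tool": "sast-a", "rule": "sql-injection", "severity": "high", "path": "src/api/orders.java"}, "escalate"),
    ({"tool": "sast-a", "rule": "sql-injection", "severity": "high", "path": "src/api/users.java"}, "escalate"),
    ({"tool": "sast-a", "rule": "xss", "severity": "medium", "path": "src/web/render.java"}, "escalate"),
    ({"tool": "sast-b", "rule": "hardcoded-secret", "severity": "high", "path": "src/config/db.java"}, "escalate"),
    ({"tool": "sast-a", "rule": "unused-import", "severity": "low", "path": "test/unit/a.java"}, "ignore"),
    ({"tool": "sast-a", "rule": "unused-import", "severity": "low", "path": "src/util/b.java"}, "ignore"),
    ({"tool": "sast-b", "rule": "weak-random", "severity": "medium", "path": "test/fixtures/c.java"}, "ignore"),
    ({"tool": "sast-b", "rule": "xss", "severity": "medium", "path": "test/web/d.java"}, "ignore"),
]

def features(finding):
    """Categorical features of one finding; the top-level directory stands in for
    'where in the code base' (shipped code vs. test code)."""
    return [
        f"tool={finding['tool']}",
        f"rule={finding['rule']}",
        f"sev={finding['severity']}",
        f"dir={finding['path'].split('/')[0]}",
    ]

class TriageModel:
    """Multinomial naive Bayes over finding features, trained in-house on the
    organization's own decisions, so no finding data has to leave the environment."""
    def __init__(self):
        self.decisions = Counter()               # decision -> number of findings
        self.feat_counts = defaultdict(Counter)  # decision -> feature -> count
        self.vocab = set()

    def train(self, labelled):
        for finding, decision in labelled:
            self.decisions[decision] += 1
            for feat in features(finding):
                self.feat_counts[decision][feat] += 1
                self.vocab.add(feat)

    def recommend(self, finding):
        """Return (decision, confidence) for an untriaged finding."""
        total = sum(self.decisions.values())
        log_scores = {}
        for decision, n in self.decisions.items():
            score = math.log(n / total)  # class prior
            denom = sum(self.feat_counts[decision].values()) + len(self.vocab)
            for feat in features(finding):  # Laplace-smoothed likelihoods
                score += math.log((self.feat_counts[decision][feat] + 1) / denom)
            log_scores[decision] = score
        best = max(log_scores.values())  # normalise in log space to avoid underflow
        weights = {d: math.exp(s - best) for d, s in log_scores.items()}
        top = max(weights, key=weights.get)
        return top, weights[top] / sum(weights.values())
```

Note that the recommendation is driven by history rather than by a fixed severity threshold: in the sample data the same XSS rule was escalated in shipped code and ignored in test fixtures, and the model follows those decisions.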

The results have been astounding. Code Dx’s Triage Assistant eliminates countless hours of wasted effort, helping your AppSec team cut through the noisy results and focus on what matters to you.

