OpenText Partnership Targets Software Supply Chain Fears

OpenText partners with Secure Code Warrior to address rise in supply chain attacks through enhanced security training for coders and adoption of DevSecOps

Software supply chain attacks have become a dominant threat vector for cyber criminals, who increasingly target vulnerabilities in third-party code to breach multiple organisations through a single compromise. These attacks exploit weaknesses in the development process, where pressure to deliver code quickly can lead to security oversights.

The challenge has prompted a shift towards ‘secure by design’ principles, where security controls are embedded throughout the development lifecycle rather than added as an afterthought. This approach requires developers to understand and implement security practices while writing code, creating demand for integrated security training solutions.

As a result, OpenText has announced that it has integrated Secure Code Warrior’s developer training platform into its Fortify application security product suite, as organisations face mounting pressure to address software supply chain vulnerabilities.

Secure Code Warrior provides organisations with secure coding training platforms that help developers learn and apply security principles during the software development process.

Supply chain attacks drive need for enhanced developer training

The partnership comes as OpenText’s 2024 Global Ransomware Survey reveals 62% of ransomware attacks in the past year originated through software supply chain partners, highlighting vulnerabilities in third-party code.

By the numbers: Supply chain security
  • 62% of ransomware attacks in 2024 traced back to software supply chain partners
  • 53% reduction in vulnerabilities reported by customers using Secure Code Warrior
  • 2x faster vulnerability remediation achieved with integrated developer training

The integration follows guidance from the US Cybersecurity and Infrastructure Security Agency (CISA) in April 2024, which urged organisations to evaluate software suppliers' cybersecurity practices as part of its Secure by Design framework.

Organisations are responding to these threats by implementing DevSecOps practices, which integrate security measures throughout the software development lifecycle rather than applying them at the end of the process.

OpenText Fortify and Secure Code Warrior target developer risk management

The combined platform enables development teams to receive security training whilst writing code, with the aim of identifying and fixing vulnerabilities during the development process rather than after deployment.

The integration converts static application security testing findings from Fortify into specific training modules. These modules provide developers with guidance on addressing identified vulnerabilities in both application code and APIs.

Muhi Majzoub, Executive Vice President and Chief Product Officer at OpenText, says: “Every organisation is affected by insecure code – whether they're a software company or simply using third-party software. Today, securing code is a fundamental requirement, not just a best practice. It’s essential for protecting the organisation, its customers and its partners.”

The platform includes benchmarking capabilities that enable organisations to measure their security programme performance against industry peers. This data-driven approach aims to help security teams identify areas for improvement in their development practices.

Security teams using the integrated solution can now incorporate real-time risk management training within the coding process. This approach enables development teams to maintain productivity without compromising security standards, reducing both the likelihood of introducing vulnerabilities and the time required for remediation.

Integration aims to transform security into business advantage

The partnership focuses on transforming security practices from a regulatory requirement into a competitive differentiator. By embedding security early in the development process, organisations can demonstrate robust cybersecurity practices to customers and partners.

The combined solution provides targeted developer training that transforms Fortify’s static application security testing findings into customised secure code training. This integration aims to equip developers with skills for efficient vulnerability identification and remediation.

AI-generated code creates new security challenges

The rise of AI in software development has created additional security considerations for development teams. These challenges require developers to understand both traditional security principles and emerging threats specific to AI-generated code.

OpenText Cybersecurity, which provides security solutions for organisations of all sizes, positions the integration as part of a unified security approach. The company's platform encompasses prevention, detection, response, recovery, investigation and compliance capabilities.

Pieter Danhieux, CEO and Co-founder of Secure Code Warrior, says: “In our new era of ‘AI-written code,’ it is important that software engineers develop critical thinking skills to spot insecure and secure coding patterns, understand Secure-by-Design principles and new AI security issues. Secure Code Warrior makes it possible for OpenText customers to remediate vulnerabilities faster and address these issues at the root cause. Our customers see a 53% vulnerability reduction and 2x faster remediation with their developers.”


Cyber Magazine is a BizClik brand
