In an article published on Carahsoft.com, Larkin wrote about how tools built on generative pre-trained transformer technology, such as Veracode Fix, could help software developers learn security techniques.
“It takes the next step from scanning code for flaws and vulnerabilities to showing developers how to fix the code before deploying it in an application,” he said of Veracode Fix.
Larkin explained how the company trains a model by identifying flaws through a scan, recognizing the type of flaw, mapping the code to known bad vulnerabilities and matching the bad code with good patches.
He discussed the company’s use of a “supervised learning model on a curated dataset” while meeting the government’s modernization and security requirements without relying on customer code references for future fixes.
“The approach ensures that we can provide our government customers with reliable fixes they can easily implement,” Larkin added.