OpenText 擁有數十年的專業知識,可幫助您釋放資料、連結人員和流程,並以信任推動 AI
在您的企業中無縫統一資料,消除孤島、改善協作並降低風險
做好 AI 準備,並將您的資料轉化為結構化、可存取且優化的資訊
滿足法規和合規要求,並讓資訊在整個生命週期中受到保護
以全新的方式查看資訊
AI 了解您的企業、您的資料與您的目標
迎向更快速的決策。您的安全個人 AI 助理已經準備好開始工作
利用供應鏈的相關生成式 AI 獲得更深入的見解
利用 AI 內容管理和智能 AI 內容助手提升工作效率
加快應用程式的交付、開發和自動化軟體測試
提升客戶溝通與體驗,促進客戶成功
賦能使用者、服務代理和 IT 人員,讓他們找到所需的答案
以全新的方式查看資訊
AI 了解您的企業、您的資料與您的目標
迎向更快速的決策。您的安全個人 AI 助理已經準備好開始工作
利用供應鏈的相關生成式 AI 獲得更深入的見解
利用 AI 內容管理和智能 AI 內容助手提升工作效率
加快應用程式的交付、開發和自動化軟體測試
提升客戶溝通與體驗,促進客戶成功
賦能使用者、服務代理和 IT 人員,讓他們找到所需的答案
只需連結一次,即可透過安全的 B2B 整合平台觸及任何目標
以具備 AI 的內容管理解決方案重新構想知識
利用 AI 驅動的 DevOps 自動化、測試和品質,更快速交付更優質的軟體
以難忘的客戶體驗重新構思對話
獲得所需的清晰度,以降低 IT 營運的成本和複雜性
使用經過驗證的 OpenText 資訊管理技術建立自訂應用程式
安全資訊管理與可信賴的 AI 相遇
一個統一的資料架構,可提升資料和 AI 的可信度
一個可以使用資料語言建置、部署和迭代代理程式的地方
一套用於幫助擷取資料和自動添加元資料標記的工具,以推動 AI 發展
一套服務和 API,使治理變得主動且持久
專業服務專家協助您踏上 AI 旅程
以全新的方式查看資訊
AI 了解您的企業、您的資料與您的目標
迎向更快速的決策。您的安全個人 AI 助理已經準備好開始工作
利用供應鏈的相關生成式 AI 獲得更深入的見解
利用 AI 內容管理和智能 AI 內容助手提升工作效率
加快應用程式的交付、開發和自動化軟體測試
提升客戶溝通與體驗,促進客戶成功
賦能使用者、服務代理和 IT 人員,讓他們找到所需的答案
SageBusiness software giant chooses OpenText™ Fortify™ on Demand to protect customer data from a new world of threats


Millions of business customers worldwide rely on Sage for mission-critical accounting, finance, and human capital management software. Naturally, with sensitive commercial and personal data being processed daily, security is essential. Across some 250 applications, from desktop software through server, cloud, and mobile apps, Sage faces a significant challenge in keeping its complex portfolio protected against emerging threats.
Richard Newbould, Senior Application Security Specialist, said, “The most important thing to Sage Group plc is most definitely the customer. We want to make sure the customer has the best journey and the best solution to solve their problems. In a fast-paced, cloud-connected world with lots of outside threats, we want to provide the most secure and safe product the customers can use, with the best functionality.”
He continued, “There's always a new attack vector, something new to think about, and a new risk. We have software built in the 1980s and cloud-native solutions built six months ago, with everything in between. With such a wide variety of products, no two days are the same.”
Duncan Graham, Application Security Specialist, agreed: “We provide customers with the products that they need to run their business without having to think about the numbers and the complexities. Our products make accountancy, payroll, and human capital management as painless as possible.”
For Sage, competing in the global economy, application security is more than a technical concern. Security breaches erode trust and reduce the pace of innovation, both of which potentially damage revenue.
Graham added, “Security has changed from being an end-of-design stage with a pen test to an integral part of the security lifecycle. For that, we look for the best tooling that can help us deliver on our customer promises.”

As AI threats become more prevalent, we value our ongoing relationship with OpenText, who are helping us secure Sage as we move forward.
To manage a complex environment with applications written in multiple languages running on diverse platforms, Sage selected Fortify on Demand and OpenText™ Fortify™ Remediation Aviator™.
Unlock security testing, vulnerability management, and tailored expertise and support
Move from noise to outcomes with AI that shows the code fix, not just the flaw
Continuously test live apps to find real-world vulnerabilities
Modernize your information management with certified experts
Sage took time to evaluate a number of vendors, assessing their capabilities and how their tools would integrate with its existing landscape. With multiple products spanning customer needs in an enormous variety of scenarios, flexibility and the range of addressable systems were key selection criteria.
“The great thing about Fortify on Demand is that it provides us with a platform that works with so many different languages and environments. It's a good, reliable tool that is easy to set up and gives good intelligence with minimal false positives,” explained Graham.
“In addition, the solution is easy to configure and works with our vulnerability management tools. It’s no longer just security specialists who are using the toolset, it's the whole product development team who are comfortable using it and are learning from it.”
The main challenge for Sage was to integrate Fortify on Demand with the existing software development lifecycle. Sage wanted to help developers build code securely from the outset rather than retrofitting security measures after penetration testing.
Newbould added, “One of the big challenges is the requirement to shift left, to bring security earlier into the development chain. Fortify on Demand gives us that functionality, because we can run static application security testing as soon as we start writing code. By having that at such an early stage, long before we hit any release timeframe, we know that the code is safe and secure.”
For any testing program, working through false positives can become a significant drain on developer time. Finding the appropriate level of sensitivity in vulnerability detection is particularly important to Sage as it seeks to balance productivity and workflow with security standards. Fortify Remediation Aviator helps the company identify threats based on the power of advanced machine learning models, enabling busy developers and security professionals to focus more on productivity and customer satisfaction.
Graham commented, “We selected Fortify Remediation Aviator, which gives us the opportunity to eliminate false positive findings and direct the team to the issues that really matter.”

The OpenText partnership is friendly and open, and whenever we've had issues, the speed of support has been outstanding. We certainly trust OpenText as a strategic partner for Sage.
By combining static and dynamic application security testing, the OpenText solutions help Sage protect its global user base while optimizing internal developer workflows.
The OpenText technologies enable Sage to scan legacy and modern applications for a broad range of potential security issues within a single toolset. DAST and SAST can be integrated into CI/CD pipelines or run as one-off scans on completed projects. For all use cases, products, and security requirements, Sage can detect, diagnose, and resolve potential application security issues from a single point of control.
Graham said: “Fortify on Demand helps us with a number of challenges across many environments and development languages. We scan at every pull request, which gives us very, very early warning of any potential vulnerabilities or improvements that could be made. In this way, the solution teaches us to improve our processes from the very start.”
The ability to scan for security issues earlier in the development lifecycle saves significant time and effort for software teams across Sage. By the time release builds are created, Sage is already confident that the code is secure—which translates into fewer sleepless nights for developers.
“We often talk internally about the rule of ten,” said Graham. “An issue that takes one person an hour to fix in development typically takes ten hours to resolve at the testing stage, and another ten times that if it gets into production. With Fortify Remediation Aviator in particular, we're finding vulnerabilities much sooner, fixing them earlier in the software development lifecycle, and discovering fewer vulnerabilities during pen testing.”
By bringing security management into one place with OpenText, Sage has gained greater system-wide visibility of potential vulnerabilities. The senior leadership trusts the findings generated by the OpenText tools, which in turn gives confidence to global customers using Sage products.
Graham said, “As AI threats become more prevalent, we value our ongoing relationship with OpenText, who are helping us secure Sage as we move forward.”
Newbould added, “The OpenText partnership is friendly and open, and whenever we've had issues, the speed of support has been outstanding. We certainly trust OpenText as a strategic partner for Sage.”
Looking to the future, Sage is now rolling out Fortify DAST to protect its web applications. Newbould said, “We chose OpenText Fortify DAST in part because of the existing fantastic relationship with OpenText; it felt like a natural fit. The massive benefit was the fact that we could run our own macros to set up the authentication part of accessing a web application, which was far superior to other marketplace offerings.”

With AI that shows the code fix, not just the flaw, Fortify Remediation Aviator is more than just a tool—it’s a developer’s personal security champion that empowers development teams to release secure software faster and with greater confidence.
