Test and Verification -> Consolidation: Simple false positive treatment
Risk and Opportunity
Risk: As false positive occure during each test, all vulnerabilities might be ignored.
Opportunity: False positives are suppressed so they will not show up on the next tests again. Most security tools have the possibility to suppress false positives. A Vulnerability Management System might be used.
Required knowledge: Very Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low
OWASP SAMM 1 Mapping: IR2-A
OWASP SAMM 2 Mapping: i-defect-management|A|2
ISO27001:2017 Controls Mapping:
- not explicitly covered by ISO 27001 - too specific