Test and Verification -> Consolidation: Simple false positive treatment
Risk and Opportunity
Risk: As false positive occure during each test, all vulnerabilities might be ignored.
Opportunity: False positives are suppressed so they will not show up on the next tests again.
Required knowledge: Very Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low
Implementation hints: Most security tools have the possibility to suppress false positives.
OWASP SAMM 1 Mapping: IR2-A
OWASP SAMM 2 Mapping: i-defect-management|A|2