Fork me on GitHub

Test and Verification -> Consolidation: Simple false positive treatment

Risk and Opportunity

Risk: As false positive occure during each test, all vulnerabilities might be ignored.
Opportunity: False positives are suppressed so they will not show up on the next tests again. Most security tools have the possibility to suppress false positives. A Vulnerability Management System might be used.

Exploit details

Usefullness: High
Required knowledge: Very Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low

Additional Information

Implementation hints:
OWASP SAMM 1 Mapping: IR2-A
OWASP SAMM 2 Mapping: i-defect-management|A|2
ISO27001:2017 Controls Mapping: