Test and Verification -> Consolidation: Simple false positive treatment
Risk and Opportunity
Risk: As false positives occur during each test, all vulnerabilities might be ignored.
Opportunity: False positives are suppressed so they do not show up again in subsequent tests. Most security tools can suppress false positives. A vulnerability management system might be used.
- OWASP DefectDojo
- Purify (tags: vulnerability management system)
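Added example, not part of the original page or of any tool listed above: a triaged false positive is suppressed by a stable fingerprint, so it stays hidden on the next scan while new findings still surface. The finding fields, the mandatory reason and the expiry date are assumptions of this example, and the scan data is constructed.

```python
import hashlib
from datetime import date

def fingerprint(finding):
    """Stable identity of a finding across scans.

    Line numbers shift whenever the file is edited, so they are left out;
    whitespace in the snippet is normalized for the same reason.
    """
    snippet = " ".join(finding["snippet"].split())
    key = "|".join((finding["tool"], finding["rule"], finding["file"], snippet))
    return hashlib.sha256(key.encode()).hexdigest()[:16]

def triage(findings, suppressions, today):
    """Return (open, suppressed). A suppression only applies while it has a
    non-empty reason and has not expired (both assumed policy choices)."""
    active = {
        s["fingerprint"] for s in suppressions
        if s["reason"].strip() and date.fromisoformat(s["expires"]) >= today
    }
    open_, suppressed = [], []
    for f in findings:
        (suppressed if fingerprint(f) in active else open_).append(f)
    return open_, suppressed

# Constructed sample: a finding triaged as a false positive in the first scan.
FP = {"tool": "sast", "rule": "hardcoded-secret", "file": "tests/fixtures.py",
      "line": 12, "snippet": 'password = "dummy"'}
SUPPRESSIONS = [{"fingerprint": fingerprint(FP),
                 "reason": "test fixture, not a real credential",
                 "expires": "2025-06-30"}]
# Constructed second scan: same false positive on a shifted line, plus a new finding.
SCAN_2 = [
    dict(FP, line=19),
    {"tool": "sast", "rule": "sql-injection", "file": "app/db.py",
     "line": 40, "snippet": "cur.execute(query + name)"},
]

def demo():
    before_expiry = triage(SCAN_2, SUPPRESSIONS, date(2025, 1, 15))
    after_expiry = triage(SCAN_2, SUPPRESSIONS, date(2025, 7, 1))
    return before_expiry, after_expiry

if __name__ == "__main__":
    for label, (open_, hidden) in zip(("before expiry", "after expiry"), demo()):
        print(label, "open:", [f["rule"] for f in open_],
              "suppressed:", [f["rule"] for f in hidden])
```

After the expiry date the suppressed finding returns to the open list, which forces a re-review instead of leaving it hidden indefinitely.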
Usefulness and Requirements of this Activity
Required knowledge: Very Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low
OWASP SAMM VERSION 2
- not explicitly covered by ISO 27001 - too specific