Test and Verification -> Consolidation: Usage of a vulnerability management system
Risk and Opportunity
Risk: Maintenance of false positives in each tool enforces a high workload. In addition a correlation of the same finding from different tools is not possible.
Opportunity: Aggregation of vulnerabilities in one tool reduce the workload to mark false positives.
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Low
OWASP SAMM 2 Mapping: i-defect-management|B|1
ISO27001:2017 Controls Mapping: