Fork me on GitHub

TestAndVerification -> Consolidation: Treatment of defects with severity middle

Risk and Opportunity

Risk: Vulnerabilities with severity middle are not visible.
Opportunity: Vulnerabilities with severity middle are added to the quality gate.

Usefulness and Requirements of this Activitiy

Usefullness: Medium
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Very Low

Additional Information

Comments: False positive analysis, specially for static analysis, is time consuming.

OWASP SAMM VERSION 2

ISO27001 2017