Q: When you use vulnerability scan tools, how do you deal with false positive or false negative findings?
Here are the answers from the SecPro community members on False Results in Vulnerability Scanning Tools:
We are currently leveraging manual checks or chaining the findings to a different scanner for cross-validation. In the future, we can consider feeding the false positive or false negative findings to machine learning models to filter out low-risk ones and reduce the load of manual checking or cross-validation with different scanners.
– Alex Wang, Security Operations
In my experience, that will depend on the maturity level of the organization. The more training you have, the easier it is to identify false positives. It requires the team to be constantly learning and, as much as possible, to have access to state-of-the-art tools for this purpose.
– Antonio, Operations Manager
The business data was covered by another device, and this was attacked (an OpenBSD server) with no success; it was just a proxy. However, since that day everything is logged, and if an anomaly is found it is considered a possible attack.
My answer is surely incomplete; however, we are a small team, since it is a local consultant group, but I am trying to step up my game since there is little to no interest in my state (Mexico) in doing something to keep data safe, passwords hashed, software updated, etc.
– Francisco, Business Consultant and Software Developer