Video: Reducing the noise using Fortify (2020)

10 months ago

 

In AppSec, security scan noise is an issue that slows down fast software development. Noise is all output that users consider irrelevant or not worth acting upon. Too much noise can have detrimental effects on the success of an implementation:

- Security auditors can be swamped auditing results

- If this noise ends up with developers directly, they may lose confidence in the tool

There is a subset of scan findings where the Fortify static scan tool worked as intended; however, the issue is considered irrelevant due to the context, risk appetite, etc.

YouTube link: https://www.youtube.com/watch?v=6CjUVA3I_rk
