Video: Reducing the noise using Fortify (2020)



In AppSec, security scan noise is an issue that slows down fast software development. Noise is any output that users consider irrelevant or not worth acting upon. Too much noise can be detrimental to the success of an implementation:

- Security auditors can be swamped auditing results

- If this noise ends up directly with developers, they may lose confidence in the tool

There is a subset of scan findings where the Fortify static scan tool worked as intended; however, the issue is considered irrelevant due to the context, risk appetite, etc.

YouTube link:

Caroline Oest

Micro Focus Customer Experience Marketing


