Some questions you may (need to) ask your solution vendor when a software security scanning and remediation solution is concerned:
- Do you know what the false positive rate of your solution is?
- Do you know what the false negative rate of your solution is? – Do not forget this one. 😊
- Do you offer remediation advice and how specific and precise is it?
- How do you verify that the recommended remediation action is correct and effective?
- Do you have a SAST scanning engine or do you use scan findings from another SAST tool?
- Which deployment options do you offer: software security as a service (SSaaS), cloud-based solution, on-premises solution, plug-ins for IDEs, add-ons for build and CI/CD systems?
Follow the Glog.AI website and LinkedIn profile to learn more about automatic remediation of software security vulnerabilities.