False Positive: Overview

High-level overview of the false positive workflow.

While vulnerability scanners can reliably identify flaws, misconfigurations, weaknesses, and missing patches, they are not infallible. For cases where a scanner reports a vulnerability that manual investigation confirms is not present, the RiskSense platform provides an option to mark that finding as a False Positive (FP).

Once a scanner finding/vulnerability is marked as a false positive, it remains in that state until a user manually removes it or the false positive status expires. Users therefore do not have to triage or address those vulnerabilities again each time a subsequent scan erroneously reports them.

Vulnerabilities marked as false positive are removed from the RiskSense Security Score (RS³) calculations entirely, having neither a negative nor a positive impact on the score.

There are three states associated with the false positive workflow.

  • FP Requested: The false positive request was submitted and is awaiting manager approval.
  • FP Approved: The false positive request was approved by a manager.
  • FP Reworked: The manager received the false positive request but returned it because the finding needs more justification before it can be approved.

If the manager rejects the false positive request outright, the finding reverts to the Assigned state.
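The workflow above is a small state machine, and it is worth seeing how the rules interact: which transitions are legal, what an expired FP status means for rescans, and how approved FPs drop out of the score. The following is an added illustrative model written for this page; it is not RiskSense code and does not reflect the platform's internals. The state names and the rule that a rejected request reverts to Assigned come from the text; the resubmit path from FP Reworked back to FP Requested, the 90-day expiry used in the demo, and the additive score model are assumptions made for the example.

```python
"""Toy model of the false positive (FP) workflow described above.

Hypothetical example, not RiskSense code. State names and the reject->Assigned
rule come from the page; the resubmit path, expiry length and score formula
are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum
from typing import Optional


class State(Enum):
    ASSIGNED = "Assigned"
    FP_REQUESTED = "FP Requested"
    FP_APPROVED = "FP Approved"
    FP_REWORKED = "FP Reworked"


# (current state, action) -> next state. Anything not listed is rejected.
TRANSITIONS = {
    (State.ASSIGNED, "request"): State.FP_REQUESTED,
    (State.FP_REWORKED, "request"): State.FP_REQUESTED,   # assumed: resubmit with more justification
    (State.FP_REQUESTED, "approve"): State.FP_APPROVED,
    (State.FP_REQUESTED, "rework"): State.FP_REWORKED,
    (State.FP_REQUESTED, "reject"): State.ASSIGNED,       # outright rejection reverts to Assigned
    (State.FP_APPROVED, "remove"): State.ASSIGNED,        # user manually clears the FP state
}

# Constants for the demo (constructed, not from the page).
T0 = datetime(2024, 1, 1)
DAY = timedelta(days=1)


@dataclass
class Finding:
    finding_id: str
    weight: float                      # assumed per-finding contribution to the score
    state: State = State.ASSIGNED
    fp_expires: Optional[datetime] = None


def allowed_actions(finding):
    """Actions the transition table permits from the finding's current state."""
    return sorted(a for (s, a) in TRANSITIONS if s is finding.state)


def apply(finding, action, now, expires_in=None):
    """Apply a workflow action, refusing anything the transition table does not list."""
    key = (finding.state, action)
    if key not in TRANSITIONS:
        raise ValueError(f"{action!r} is not allowed from state {finding.state.value!r}")
    finding.state = TRANSITIONS[key]
    # An approved FP keeps its status until a user removes it or it expires.
    finding.fp_expires = (now + expires_in) if (finding.state is State.FP_APPROVED and expires_in) else None
    return finding.state


def effective_state(finding, now):
    """State after accounting for expiry: an expired FP behaves as Assigned again."""
    if (finding.state is State.FP_APPROVED
            and finding.fp_expires is not None
            and now >= finding.fp_expires):
        return State.ASSIGNED
    return finding.state


def needs_attention(findings, reported_ids, now):
    """IDs a new scan reported that are NOT covered by a currently approved FP."""
    covered = {f.finding_id for f in findings
               if effective_state(f, now) is State.FP_APPROVED}
    return sorted(set(reported_ids) - covered)


def score(findings, now):
    """Assumed additive score model: approved FPs are excluded entirely."""
    return sum(f.weight for f in findings
               if effective_state(f, now) is not State.FP_APPROVED)


def demo():
    """Walk one finding through request -> rework -> resubmit -> approve, then let it expire."""
    a, b = Finding("a", 10.0), Finding("b", 5.0)
    apply(a, "request", T0)
    apply(a, "rework", T0)
    apply(a, "request", T0)
    apply(a, "approve", T0, expires_in=90 * DAY)
    apply(b, "request", T0)
    apply(b, "reject", T0)                 # manager rejects outright
    return {
        "b_state": b.state,
        "score_now": score([a, b], T0),
        "rescan_now": needs_attention([a, b], ["a", "b"], T0),
        "score_after_expiry": score([a, b], T0 + 91 * DAY),
        "rescan_after_expiry": needs_attention([a, b], ["a", "b"], T0 + 91 * DAY),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The point of the transition table is that a manager cannot approve a finding that was never requested, and a user cannot skip the review by moving a finding straight to FP Approved; every path to exclusion from the score passes through FP Requested. The expiry check also shows why an approved FP is not permanent: once `fp_expires` passes, the finding is treated as Assigned again, so it counts toward the score and shows up in `needs_attention` on the next scan.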