by freeqaz
1430 days ago
This is compliance vs security. Finding vulns checks a box for SOC2, but in reality detection is the easy part. Figuring out what to fix, based on real-world usage and risk, requires much more work and is often ignored. I'm sorry you're on the receiving end of this problem! Shill notice: I'm working on an Open Source tool[0] that makes this problem less horrible. My colleague wrote a post about our hypothesis[1] about how we can avoid this false positive trap. I'd love to chat with anybody feeling this pain (even just as therapy lol).

0: https://github.com/lunasec-io/lunasec

1: https://www.lunasec.io/docs/blog/the-issue-with-vuln-scanner...