by tantalic 1071 days ago
This is a problem of misaligned incentives: if you are making a security scanner the last thing you want to do is miss a vulnerability. The result is many false positives.
2 comments

Alternatively, companies aren’t willing to pay for an automated security scanner that attempts to exploit potential vulnerabilities under fear of what it might do to their systems.
As is often the case, people only think about sensitivity and don't consider specificity.