Veracode False Positives - Fixing Vulnerabilities
How does the solution’s false-positive rate affect developer confidence in the solution when fixing vulnerabilities? Please explain.
Veracode's low false positive rate increases our developers' confidence. Some developers may have used a different solution in the past or may have had a different experience with another vendor. Therefore, I believe that initially, they may not be confident in Veracode when some vulnerable code is found in their primary code. This can sometimes make them feel unprofessional, but ultimately, since we are using a professional solution, their confidence will grow and become positive. This is because they will realize that if this code has vulnerabilities, the next time they release a project or application, they need to be very transparent and careful to avoid any problems. Therefore, the initial confidence may be shaken, but as developers get used to Veracode, it becomes much easier and their confidence in developing improves.
When it comes to developer confidence, the low false-positive rate is very important. If they use a tool with a lot of false positives, they won't believe the reports they get. And that's important because if the teams don't like a tool, they won't use it.
Veracode's false positives are beneficial for our developers as they assist in organizing and understanding the implications of these false positives.
JV
reviewer2183154
Manager Consultant at a tech services company with 1-10 employees
Veracode's low false positive rate is key to our ability to avoid being burdened by false alerts and focus on fixing code.
A seasoned developer with the appropriate mindset understands the necessity of fine-tuning regarding false positives, as this can impact novice developers.
The developers are more confident while fixing vulnerabilities due to the solution's low false-positive rate.
False positives are rare. Veracode provides us with enough information about the issue, so we can usually identify them as we go through the report. We are also learning from the issues and from Veracode itself. If a false positive is reported, it is fine and does not have a significant impact on us.
CM
reviewer2296401
CyberSec professional at a manufacturing company with 5,001-10,000 employees
We can add notes to any false positives during static analysis testing so that our developers can see the notes and avoid wasting time on them.
We can easily identify vulnerabilities. Many others, like Microsoft, aren't able to catch certain vulnerabilities. This is much more effective.