this post was submitted on 19 Jun 2025

Pulse of Truth


Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and won't be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.


Traditional static application security testing (SAST) tools are falling short. That’s the key takeaway from a recent report that tested these tools against nearly 3,000 open-source code repositories. The results: more than 91% of flagged vulnerabilities were false positives. The "Exorcising the SAST Demons" report comes from Ghost Security, which scanned public GitHub projects in Go, Python, and PHP. The study focused on three vulnerability types commonly found in real-world apps: SQL injection, command injection, …

The post "91% noise: A look at what’s wrong with traditional SAST tools" appeared first on Help Net Security.
