A leading provider of a SAST tool on the market asked us to analyze the scan results and security vulnerability findings its tool produced for two popular projects. Here are the results (project names and details redacted for confidentiality and sensitivity).

Here are the results of Glog's analysis of those reports:

| Project | Commercial SAST tool: number of findings | False positives (FP) detected by Glog in the SAST tool report | True positives (TP) confirmed by Glog | Remediation advice provided by Glog |
|---------|------------------------------------------|----------------------------------------------------------------|----------------------------------------|--------------------------------------|
| AH      | 3,466                                    | 3,460                                                          | 6                                      | Yes, for all TPs                     |
| OAM     | 9,028                                    | 8,985                                                          | 43                                     | Yes, for all TPs                     |


Applications AH and OAM were scanned by a leading SAST tool on the market, which reported 24,988 security findings in total.

Based on our experience, the average time to analyze and resolve a finding is 2 hours (note: this varies from a couple of minutes to several weeks for a single security finding).

Estimated total time to resolve these findings using standard methods (24,988 findings at 2 hours each):

  • ~ 49,976 hours
  • ~ 329 person-months (at an effective 152 hours per month)
  • ~ 27.4 years

Glog confirmed a total of 49 true positive (TP) findings and provided precise remediation advice for each of them.

Glog did this in less than 2 working days for these two large projects, including the remediation advice.


Work is in progress on a couple of other popular tools, including messengers and similar applications.