Questions for Software Security Scanner and Remediation Solution Vendor

Some questions you may (need to) ask your solution vendor when evaluating a software security scanner and remediation solution:

  1. Do you know what the false positive rate of your solution is?
  2. Do you know what the false negative rate of your solution is? – Do not forget this one. 😊
  3. Do you offer remediation advice and how specific and precise is it?
  4. How do you verify that the remediation action recommended is right and efficient?
  5. Do you have a SAST scanning engine or do you use scan findings from another SAST tool?
  6. Which deployment options do you offer: software security as a service (SSaaS), a cloud-based solution, an on-premises solution, plug-ins for IDEs, add-ons for build and CI/CD systems?

Follow Glog.AI website and LinkedIn profile to learn more about automatic remediation of software security vulnerabilities.
