We’ve just published a new blog:
I’ve said before that accurate analysis and killing the noise are key to developer-led security. As a matter of credibility, developers have to know that when we raise a Vulnerability issue, there is something to fix.
But there’s another class of security issues, a class that can never be clear-cut. Each issue in this class has a 50/50 chance of being a real Vulnerability or of being no big deal at all. At SonarSource, our SAST mission is to eliminate false positives, but we can’t simply ignore this class, because these issues can represent real Vulnerabilities and our goal is to provide a complete SAST offering.
Read the rest in the blog!