Methods and systems for reducing false positive findings
First Claim
1. A system for validating software security analysis findings, comprising:
a non-transitory computer readable medium for storing:
a plurality of confidence scores designating confidence levels of a plurality of software security analysis tools of different categories;
findings generated by each software security analysis tool; and
a source truth dataset including criteria for validating characteristics of software security analysis findings; and
a processor configured to:
receive a first finding from a first software security analysis tool that performs a scan of application code;
identify a first characteristic from the first finding;
select, from the non-transitory computer readable medium, a criterion for validating the first characteristic;
determine a first validity factor by determining whether the selected criterion is met;
determine a second validity factor by retrieving, from the non-transitory computer readable medium, a confidence score associated with the first software security analysis tool;
determine a third validity factor by determining a number of findings stored in the non-transitory computer readable medium that overlap with the first finding;
determine a validity score for the first finding based on at least one of the first validity factor, the second validity factor and the third validity factor;
determine whether the first finding is false positive by comparing the validity score to a predetermined validity threshold; and
display the first finding on a graphical user interface when the first finding is true positive.
Abstract
A system for validating software security analysis findings includes a non-transitory computer readable medium and a processor. The non-transitory computer readable medium stores a source truth dataset including criteria for validating characteristics of findings. The processor receives a finding from a software security analysis tool that performs a scan on application code. The processor identifies a characteristic from the finding. The processor selects a criterion from the non-transitory computer readable medium for validating the identified characteristic. The processor determines a validity score for the finding based on whether the selected criterion is met. The processor determines whether the finding is false positive by comparing the validity score to a predetermined validity threshold. If the finding is true positive, a graphical user interface displays the finding.
23 Claims
19. A method for validating software security analysis findings, comprising:
storing, by a non-transitory computer readable medium, a plurality of confidence scores designating confidence levels of a plurality of software security analysis tools of different categories;
storing, by the non-transitory computer readable medium, findings generated by each software security analysis tool; and
storing, by the non-transitory computer readable medium, a source truth dataset including criteria for validating characteristics of software security analysis findings;
receiving, by a processor, a first finding from a first software security analysis tool that performs a scan of application code;
identifying, by the processor, a first characteristic from the first finding;
selecting, by the processor, from the non-transitory computer readable medium, a criterion for validating the first characteristic;
determining, by the processor, a first validity factor by determining whether the selected criterion is met;
determining, by the processor, a second validity factor by retrieving, from the non-transitory computer readable medium, the confidence score associated with the first software security analysis tool;
determining, by the processor, a third validity factor by determining a number of findings stored in the non-transitory computer readable medium that overlap with the first finding;
determining, by the processor, a validity score for the first finding based on at least one of the first validity factor, the second validity factor or the third validity factor;
determining, by the processor, whether the first finding is false positive by comparing the validity score to a predetermined validity threshold; and
displaying, by the processor, the first finding on a graphical user interface when the first finding is true positive.
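The triage flow recited in claim 1, claim 19 and the abstract, as an added worked example that is not part of the patent: the three validity factors (criterion met, stored tool confidence, count of overlapping stored findings) are combined into a validity score and compared to a threshold to decide whether a finding is a false positive. The weighted sum, the weights, the threshold, the source-truth criteria (a CWE must be plausible for the flagged file's language), and all tool names and findings are constructed assumptions; the claims only state that the score is based on at least one of the factors.

```python
import os
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    tool: str      # analysis tool that produced the finding
    category: str  # tool category, e.g. SAST or DAST (claim: "different categories")
    cwe: str       # weakness class the tool reported
    path: str      # file the finding points at
    line: int

# Confidence score per tool (constructed sample values).
TOOL_CONFIDENCE = {"sast-a": 0.8, "sast-b": 0.6, "dast-c": 0.7}

# Source truth dataset (constructed): the characteristic is the reported CWE and
# the criterion is that the weakness can occur in a file of that language.
SOURCE_TRUTH = {
    "CWE-89":  {".py", ".java", ".php"},   # SQL injection
    "CWE-79":  {".js", ".php", ".html"},   # cross-site scripting
    "CWE-120": {".c", ".cpp"},             # classic buffer overflow
}

WEIGHTS = (0.4, 0.3, 0.3)  # assumed weights for factors 1..3
THRESHOLD = 0.5            # assumed predetermined validity threshold
OVERLAP_CAP = 3            # overlapping findings beyond this add nothing

def criterion_factor(f: Finding) -> float:
    """Factor 1: 1.0 when the selected criterion for the finding's CWE is met."""
    ext = os.path.splitext(f.path)[1]
    return 1.0 if ext in SOURCE_TRUTH.get(f.cwe, set()) else 0.0

def confidence_factor(f: Finding) -> float:
    """Factor 2: the stored confidence score of the reporting tool (0 if unknown)."""
    return TOOL_CONFIDENCE.get(f.tool, 0.0)

def overlap_factor(f: Finding, stored: list, slack: int = 2) -> float:
    """Factor 3: stored findings from *other* tools that overlap this one
    (same CWE and file, line within `slack`), scaled to [0, 1]."""
    n = sum(1 for s in stored if s.tool != f.tool and s.cwe == f.cwe
            and s.path == f.path and abs(s.line - f.line) <= slack)
    return min(n, OVERLAP_CAP) / OVERLAP_CAP

def validity_score(f: Finding, stored: list) -> float:
    factors = (criterion_factor(f), confidence_factor(f), overlap_factor(f, stored))
    return sum(w * x for w, x in zip(WEIGHTS, factors))

def is_false_positive(f: Finding, stored: list) -> bool:
    return validity_score(f, stored) < THRESHOLD

# Constructed stored findings: two other tools already flagged SQL injection near app/db.py:42.
STORED = [Finding("sast-b", "SAST", "CWE-89", "app/db.py", 42),
          Finding("dast-c", "DAST", "CWE-89", "app/db.py", 43)]
```

A new "sast-a" CWE-89 finding at app/db.py:42 scores 0.84 and is shown; a CWE-120 buffer overflow reported against the same Python file fails the source-truth criterion, has no overlaps, and scores 0.18, so it is suppressed as a false positive.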