Methods and systems for reducing false positive findings

  • US 10,395,041 B1
  • Filed: 10/31/2018
  • Issued: 08/27/2019
  • Est. Priority Date: 10/31/2018
  • Status: Active Grant
First Claim

1. A system for validating software security analysis findings, comprising:

  • a non-transitory computer readable medium for storing:

    a plurality of confidence scores designating confidence levels of a plurality of software security analysis tools of different categories;

    findings generated by each software security analysis tool; and

    a source truth dataset including criteria for validating characteristics of software security analysis findings; and

  • a processor configured to:

    receive a first finding from a first software security analysis tool that performs a scan of application code;

    identify a first characteristic from the first finding;

    select, from the non-transitory computer readable medium, a criterion for validating the first characteristic;

    determine a first validity factor by determining whether the selected criterion is met;

    determine a second validity factor by retrieving, from the non-transitory computer readable medium, a confidence score associated with the first software security analysis tool;

    determine a third validity factor by determining a number of findings stored in the non-transitory computer readable medium that overlap with the first finding;

    determine a validity score for the first finding based on at least one of the first validity factor, the second validity factor and the third validity factor;

    determine whether the first finding is false positive by comparing the validity score to a predetermined validity threshold; and

    display the first finding on a graphical user interface when the first finding is true positive.
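The scoring flow recited in claim 1, as an added example written for this page and not code from the patent or its assignee. The claim only says the validity score is "based on at least one of" the three factors, so the weighted sum, the 0 to 1 confidence scale, the overlap key (same CWE, file and line reported by a different tool), the source-truth criteria, the threshold and the sample findings are all assumptions made here for illustration.

```python
"""Illustration of the three-factor validity scoring described in claim 1.

Not the patent's implementation: weights, scales, criteria and inputs are assumptions.
"""
from dataclasses import dataclass


# Constructed confidence scores per tool (assumption: 0..1 scale, one per tool category).
TOOL_CONFIDENCE = {
    "sast-scanner-a": 0.80,  # static analysis tool
    "dast-scanner-b": 0.60,  # dynamic analysis tool
    "sca-scanner-c": 0.90,   # software composition analysis tool
}

# Constructed "source truth" dataset: characteristic -> criterion it must satisfy.
# Hypothetical criteria; a real dataset would be far richer.
SOURCE_TRUTH = {
    "cwe": lambda v: v in {"CWE-79", "CWE-89", "CWE-22"},   # weakness classes tracked
    "file": lambda v: v.endswith((".java", ".py", ".js")),  # languages actually scanned
}


@dataclass(frozen=True)
class Finding:
    tool: str
    cwe: str
    file: str
    line: int


def criterion_factor(finding, characteristic):
    """First validity factor: 1.0 if the selected criterion for the characteristic holds."""
    check = SOURCE_TRUTH[characteristic]
    return 1.0 if check(getattr(finding, characteristic)) else 0.0


def confidence_factor(finding):
    """Second validity factor: stored confidence score of the reporting tool (0 if unknown)."""
    return TOOL_CONFIDENCE.get(finding.tool, 0.0)


def overlap_factor(finding, stored):
    """Third validity factor: count of stored findings from other tools at the same location."""
    key = (finding.cwe, finding.file, finding.line)
    return sum(
        1 for f in stored
        if f.tool != finding.tool and (f.cwe, f.file, f.line) == key
    )


def validity_score(finding, stored, characteristic="cwe",
                   weights=(0.4, 0.4, 0.2), max_overlap=2):
    """Weighted combination of the three factors (assumed form; the claim does not fix one).

    The overlap count is capped and normalised so a single factor cannot dominate.
    """
    w1, w2, w3 = weights
    f1 = criterion_factor(finding, characteristic)
    f2 = confidence_factor(finding)
    f3 = min(overlap_factor(finding, stored), max_overlap) / max_overlap
    return round(w1 * f1 + w2 * f2 + w3 * f3, 3)


def is_true_positive(finding, stored, threshold=0.5):
    """Compare the validity score to the predetermined threshold (assumed 0.5)."""
    return validity_score(finding, stored) >= threshold


def triage(findings, threshold=0.5):
    """Return only the findings that would be displayed, i.e. the true positives."""
    return [f for f in findings if is_true_positive(f, findings, threshold)]


# Constructed sample findings: A and B overlap (two tools, same SQLi location),
# C has an untracked CWE, D comes from a tool with no stored confidence score.
FINDING_A = Finding("sast-scanner-a", "CWE-89", "app/db.py", 42)
FINDING_B = Finding("dast-scanner-b", "CWE-89", "app/db.py", 42)
FINDING_C = Finding("sast-scanner-a", "CWE-999", "app/util.py", 7)
FINDING_D = Finding("unknown-tool", "CWE-79", "web/index.js", 3)
SAMPLE_FINDINGS = [FINDING_A, FINDING_B, FINDING_C, FINDING_D]


if __name__ == "__main__":
    for f in SAMPLE_FINDINGS:
        print(f.tool, f.cwe, validity_score(f, SAMPLE_FINDINGS), is_true_positive(f, SAMPLE_FINDINGS))
    print("display:", triage(SAMPLE_FINDINGS))
```

With these inputs the two corroborated SQL-injection findings score 0.82 and 0.74 and are displayed, while the untracked CWE (0.32) and the finding from a tool with no confidence record (0.40) fall below the threshold and are treated as false positives. The point a practitioner should take from the overlap factor is that it rewards agreement across tool categories, not repeated reports from the same scanner.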

  • 1 Assignment