FALSE NEGATIVE


What is a FALSE NEGATIVE?

Designing test cases that accurately identify defects in software can be challenging. As scanners run and tests are conducted, false negatives happen when problems aren’t picked up even though there are bugs or vulnerabilities in the application being tested. In the case of a false negative, the test passes when a bug or security vulnerability is in fact present or the functionality is not working as it should.

The more often testing tools and strategies give false negatives (as well as false positives), the less reliable and useful the results are. Though both of these are a problem, a false negative is more damaging because it lets a problem go undetected, creating a false sense of security. Whereas a false positive may consume a lot of a tester’s energy and time, a false negative allows a bug to remain in the software. For this reason, software development teams need to use testing tools and strategies they can trust to accurately assess and report on the quality of their software.
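The following is an added example, not code from this page or from any Contrast product. It scores a hypothetical pattern-based SQL injection rule against constructed code samples with known ground truth, showing which vulnerable lines pass unflagged (false negatives) and the resulting false negative rate; the rule, sample lines and function names are all assumptions made for illustration.

```python
import re
from collections import Counter

# Hypothetical naive rule: flag SQL built with "+" directly inside execute().
NAIVE_RULE = re.compile(r'execute\(\s*"[^"]*"\s*\+')

# Constructed samples: (code line, ground truth: is the line actually injectable?)
SAMPLES = [
    ('cursor.execute("SELECT * FROM users WHERE id = " + user_id)', True),
    ('cursor.execute(f"SELECT * FROM users WHERE id = {user_id}")', True),
    ('cursor.execute("SELECT * FROM users WHERE id = %s" % user_id)', True),
    ('cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))', False),
    ('cursor.execute("SELECT * FROM " + "users")', False),
]

def classify(flagged, vulnerable):
    """Map one scanner verdict plus ground truth to a confusion-matrix cell."""
    if vulnerable:
        return "TP" if flagged else "FN"  # FN: real flaw, scanner stayed silent
    return "FP" if flagged else "TN"      # FP: safe code, scanner raised an alert

def evaluate(rule, samples):
    """Return confusion counts, the false negative rate, and the missed lines."""
    counts = Counter()
    missed = []
    for code, vulnerable in samples:
        outcome = classify(bool(rule.search(code)), vulnerable)
        counts[outcome] += 1
        if outcome == "FN":
            missed.append(code)
    actual_positives = counts["TP"] + counts["FN"]
    fn_rate = counts["FN"] / actual_positives if actual_positives else 0.0
    return counts, fn_rate, missed

if __name__ == "__main__":
    counts, fn_rate, missed = evaluate(NAIVE_RULE, SAMPLES)
    print(dict(counts), f"false negative rate = {fn_rate:.2f}")
    for code in missed:
        print("missed:", code)
```

The rule reports a clean result for the f-string and %-formatting lines even though both are injectable, which is the false sense of security described above; only a labeled corpus like this one makes those misses visible.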
