False Negative
Understanding False Negative Security Vulnerabilities: Challenges and Solutions
What is a false negative?
Designing test cases that accurately identify defects in software can be challenging. A false negative occurs when a scanner or test fails to pick up a problem even though the application being tested contains a bug or vulnerability. In the case of a false negative, the test passes although a bug or security vulnerability is in fact present or the functionality is not working as it should.
The more often testing tools and strategies produce false negatives (as well as false positives), the less reliable and useful their results are. Both are a problem, but a false negative is more damaging because it lets a problem go undetected, creating a false sense of security. A false positive may consume a lot of a tester’s energy and time, whereas a false negative allows a bug to remain in the software. For this reason, software development teams need to use testing tools and strategies they can trust to accurately assess and report on the quality of their software.
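To make the definition concrete, the following added example (not part of the original page) runs a deliberately naive, hypothetical SQL injection rule over a small constructed set of labelled snippets and reports which vulnerable ones it misses. The rule, the sample snippets and their labels are all assumptions made up for illustration.

```python
import re

# Constructed benchmark: (name, code snippet, ground truth: injectable?)
SAMPLES = [
    ("concat",  'cur.execute("SELECT * FROM users WHERE id = " + user_id)', True),
    ("fstring", 'cur.execute(f"SELECT * FROM users WHERE id = {user_id}")', True),
    ("percent", 'cur.execute("SELECT * FROM users WHERE id = %s" % user_id)', True),
    ("param",   'cur.execute("SELECT * FROM users WHERE id = %s", (user_id,))', False),
    ("static",  'cur.execute("SELECT count(*) FROM users")', False),
    ("logmsg",  'log.info("SELECT failed for " + user_id)', False),
]

# Hypothetical naive rule: a string literal starting with a SQL verb,
# immediately followed by "+" concatenation.
NAIVE_RULE = re.compile(r'"\s*(SELECT|INSERT|UPDATE|DELETE)\b[^"]*"\s*\+', re.I)


def naive_scan(snippet):
    """Return True when the rule flags the snippet as injectable."""
    return bool(NAIVE_RULE.search(snippet))


def evaluate(samples, detector):
    """Compare detector verdicts with ground truth.

    Returns (confusion counts, names of missed vulnerabilities,
    false negative rate = FN / (TP + FN)).
    """
    counts = {"TP": 0, "FP": 0, "TN": 0, "FN": 0}
    missed = []
    for name, code, vulnerable in samples:
        flagged = detector(code)
        if vulnerable:
            counts["TP" if flagged else "FN"] += 1
            if not flagged:
                missed.append(name)  # test "passed" but the bug is present
        else:
            counts["FP" if flagged else "TN"] += 1
    actual = counts["TP"] + counts["FN"]
    fnr = counts["FN"] / actual if actual else 0.0
    return counts, missed, fnr


if __name__ == "__main__":
    counts, missed, fnr = evaluate(SAMPLES, naive_scan)
    print(counts)
    print("missed:", missed)
    print(f"false negative rate: {fnr:.0%}")
```

The two missed samples are the cases where a clean scan report would create a false sense of security, while the flagged log message is a false positive that only costs review time.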