False Positive
Balancing Sensitivity and Specificity: Managing False Positive Security Vulnerabilities
Learn How to Minimize False Positives
What is a false positive?
False positives occur when a scanning tool, web application firewall (WAF), or intrusion prevention system (IPS) incorrectly flags a security vulnerability during software testing. A false positive describes the situation where a test case fails, but in actuality there is no bug and the functionality is working correctly. Because each false positive has to be investigated, and that investigation can be time-consuming, false positives typically eat up valuable IT bandwidth that should be applied to more important tasks.
High rates of false positives are efficiency disrupters, having a drag effect on IT software development and testing teams. While a false positive improperly indicates the presence of a problem when in reality none exists (the software is functioning as intended), a false negative is the opposite: it gives you a false sense of security by indicating you don't have a vulnerability when in fact you do.
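The sensitivity/specificity trade-off named in the page title, shown on constructed data as an added example (not code from the original page): each scanner alert carries a confidence score and a manual triage verdict, and sweeping the alert threshold shows false positives and false negatives moving in opposite directions. The `Finding` type, the scores and the verdicts are assumptions made up for this illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """One scanner alert with a confidence score and the verdict from manual triage."""
    finding_id: str
    score: float   # scanner confidence in [0, 1]; the alert is raised when score >= threshold
    is_real: bool  # ground truth established by triage (constructed, not real scanner output)


# Constructed sample triage results: five real vulnerabilities, five benign findings.
SAMPLE_FINDINGS = [
    Finding("F1", 0.95, True), Finding("F2", 0.90, True), Finding("F3", 0.85, False),
    Finding("F4", 0.80, True), Finding("F5", 0.70, False), Finding("F6", 0.65, False),
    Finding("F7", 0.60, True), Finding("F8", 0.50, False), Finding("F9", 0.40, False),
    Finding("F10", 0.30, True),
]


def confusion_counts(findings, threshold):
    """Return (tp, fp, tn, fn) when alerts with score >= threshold are treated as positives."""
    tp = fp = tn = fn = 0
    for f in findings:
        flagged = f.score >= threshold
        if flagged and f.is_real:
            tp += 1          # real bug, correctly raised
        elif flagged:
            fp += 1          # false positive: raised, but triage found no bug
        elif f.is_real:
            fn += 1          # false negative: real bug the scanner stayed silent on
        else:
            tn += 1          # benign and correctly not raised
    return tp, fp, tn, fn


def rates(tp, fp, tn, fn):
    """Sensitivity (true positive rate) and specificity (true negative rate); 0.0 when undefined."""
    sensitivity = tp / (tp + fn) if tp + fn else 0.0
    specificity = tn / (tn + fp) if tn + fp else 0.0
    return sensitivity, specificity


def sweep(findings, thresholds):
    """Per threshold: (threshold, sensitivity, specificity, false positives, false negatives)."""
    rows = []
    for t in thresholds:
        tp, fp, tn, fn = confusion_counts(findings, t)
        sens, spec = rates(tp, fp, tn, fn)
        rows.append((t, sens, spec, fp, fn))
    return rows


if __name__ == "__main__":
    for t, sens, spec, fp, fn in sweep(SAMPLE_FINDINGS, [0.3, 0.5, 0.7, 0.9]):
        print(f"threshold={t:.2f} sensitivity={sens:.2f} specificity={spec:.2f} FP={fp} FN={fn}")
```

Lowering the threshold drives false negatives to zero at the cost of every benign finding becoming a false positive that someone has to triage; raising it does the reverse, which is the balance the page is about.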