False Positive
dhufstader
I came across an interesting question in Boson that discusses false positives. A false positive is any instance in which something has been incorrectly identified. Let’s say that a business cannot upgrade some software that has known vulnerabilities due to incompatibilities. If the software is upgraded to patch the vulnerability, then other critical business applications will not function correctly. Would this vulnerability now be identified as a false positive because of the business case?
Comments
changlinn
No, if the vulnerability is detected and it is unpatched, it is a true positive. It would be called a false positive if you had another mitigation, e.g. a HIPS that blocked the attack, or the service that was vulnerable being disabled or inaccessible outside of the host.