Mitigation Management

Exceptions Need an Audit Trail

While most security defects can be fixed by changing the code, there are exceptions. For example, a business owner accepting the risk, mitigations that are made outside the code, and false-positive results. This workflow needs to be easy to use, include the appropriate checks and balances, and create an audit trail.

Veracode provides efficient workflows for managing findings, ensuring compliance, and establishing audit trails through streamlined remediation processes and standardized workflows for false-positive and mitigation management.

Standardize Mitigation Workflows

Meet auditors’ mandate for checks and balances for approving process exceptions. Standardize mitigating controls through the Veracode TSRV framework (technique, specifics, remaining risk, and verification). Keep developers moving when issues can’t be resolved, by documenting compensating mitigation control, which is reviewed by your security team or Veracode secure coding experts.

Get Reliable, High-Accuracy Results

With a false-positive rate of 1 percent out of the box, developers can minimize distractions and focus on critical tasks. If a false positive is discovered, developers can easily flag to security to close in future scans and log in an audit. Through a continuous feedback loop, Veracode’s intelligent engines and world-class research team examine all feedback to improve future results for all customers.

Learn More

Get Live Insights From Coding Experts

Schedule a live, personalized virtual session to review particularly challenging issues with our world-class coding experts. Get prescriptive guidance to build, mature, and scale impactful AppSec programs with Veracode Customer Success Packages.

Discover More

Secure Your Software One Line at a Time

Request Demo