Validating Findings by Security Engineers Pros:
- Ensures accuracy and relevance of findings before they reach product teams
- Reduces false positives, saving development teams time and effort
- Might provide a layer of expertise in assessing the severity and impact of vulnerabilities

Validating Findings by Security Engineers Cons:
- Requires a sufficient number of skilled security engineers, which might be challenging for some organizations
- May slow down the process if security engineers are overloaded with validation tasks
- For Software Composition Analysis findings (known vulnerabilities), I, as a security engineer, struggle to analyze whether a finding is a false positive or a true positive due to a lack of insight into the application

Pushing Findings Directly to Product Teams Pros:
- Accelerates the process by immediately notifying product teams of potential vulnerabilities
- Empowers product teams to take swift action in addressing security issues

Pushing Findings Directly to Product Teams Cons:
- Increases the workload on product teams, potentially leading to frustration