What is a False Negative?

A false negative is the opposite of a false positive (go figure!). You may run a security scanner like Nessus and, for one reason or another, it misses a vulnerability that does in fact exist. Possible reasons for a false negative include a check not yet being written (maybe the vulnerability is too new?), user error (maybe you didn't select the right policy, or maybe your configuration needs tweaking), or some other good explanation. If you think that something was missed that shouldn't have been, calmly work with the author/vendor of the product that you're using to try to address your concerns.

See Also:
What is a False Positive?

