29 - False Negatives
False Negatives are missed findings that should have indicated the presence of vulnerabilities but which are in fact not reported at all. Such false negatives could be due to incorrect assumptions or inaccuracies in analysis which do not correctly consider the minimum factors required for the actual presence of vulnerabilities.
- False negatives, by definition, are not reported or even realised unless a different analysis reveals their presence or the vulnerabilities are exploited.
- A high number of false negatives lowers confidence in the effectiveness of the earlier manual/automated analysis.
- Missed Flagging of Vulnerabilities
- Incorrect Assumptions or Analysis Inaccuracies
- Increases Risk
- Decreases Confidence
- True vs False Negatives