False Positive / False Negative
A false positive "reports" an issue when there is no problem.
Example: You run a vulnerability scan, and it says that your web server is missing Apache updates. When you talk to the website admin, he informs you that he has no Apache web servers, only Windows IIS.
A false negative should have caught the problem but missed it completely. For example, you know that your system is missing updates, but when you perform the vulnerability, it says all the updates are there.
In both cases, you need to tune your system.
Vulnerability scanners, IPSs, & IDSs are all prone to both false positives & false negatives.
No comments:
Post a Comment