Exceptions Need an Audit Trail
While most security defects can be fixed by changing the code, there are exceptions: a business owner accepting the risk, mitigations applied outside the code, and false-positive results. The workflow for handling these exceptions needs to be easy to use, include the appropriate checks and balances, and create an audit trail.
Veracode provides efficient workflows for managing findings, ensuring compliance, and establishing audit trails through streamlined remediation processes and standardized workflows for false-positive and mitigation management.
Standardize Mitigation Workflows
Meet auditors’ mandate for checks and balances when approving process exceptions. Standardize mitigating controls through the Veracode TSRV framework (technique, specifics, remaining risk, and verification). Keep developers moving when issues can’t be resolved by documenting the compensating mitigation control, which is then reviewed by your security team or Veracode secure coding experts.