Mitigation Management

Efficiently Manage Exceptions to Fixing Code

Exceptions Need an Audit Trail

While most security defects can be fixed by changing the code, there are exceptions: a business owner accepting the risk, mitigations that are made outside the code, and false-positive results. The workflow for handling these exceptions needs to be easy to use, include the appropriate checks and balances, and create an audit trail.

Veracode provides efficient workflows for managing findings, ensuring compliance, and establishing audit trails through streamlined remediation processes and standardized workflows for false-positive and mitigation management.

Standardize Mitigation Workflows

Meet auditors’ mandate for checks and balances when approving process exceptions. Standardize mitigating controls through the Veracode TSRV framework (technique, specifics, remaining risk, and verification). When an issue can’t be resolved, keep developers moving by documenting the compensating mitigation control, which is then reviewed by your security team or Veracode secure coding experts.
