Security teams constantly struggle with managing high levels of false positives, which makes it difficult to prioritize risk. Rapid7’s data science research group has published a groundbreaking new paper showing how machine learning can significantly improve the prioritization of application security vulnerabilities and reduce the friction caused by false positives.
Led by Senior Data Scientist Stuart Millar, the multidisciplinary group used a novel deep learning model leveraging convolutional neural networks and natural language processing to better predict which vulnerabilities are true and which are false positives.
The approach is a hybrid DAST/ML model that first identifies vulnerabilities and then applies machine learning to triage them.
Testing indicated that some 96% of false positives were filtered out through this approach.
With hundreds of predictions per second able to be considered, this approach will create significant time and resource savings.