Comments on Jeremiah Grossman: Which mountain would you rather climb?

eric (http://whitehatbloggers.com), 2012-04-11 19:51 -07:00:
Hey, if that's the way, I would like to climb Mount Everest, as if we get there, getting famous will not take time.

Jeremiah Grossman (https://www.blogger.com/profile/05017778127841311186), 2010-12-27 15:28 -08:00:
@AppSec: Much of the infosec industry is littered with terms or phrases we'd prefer to do away with. Unfortunately, changing ingrained language is tough, and engaging in such battles is one where we should choose very wisely. For me, the general use of the term false-positive is OK in my estimation. Cross-Site Scripting, now that's a whole other matter entirely. :)

AppSec, 2010-12-23 06:44 -08:00:
I hate the phrasing false positive. It's like a double negative.

There's really misconfigured/defined policies and then there's an acceptance of a valid finding.

Those findings of the word password in a comment are correct, but they carry 0% risk. That is not a false positive.

The scanner that returns an XSS vulnerability because it doesn't understand that a static final variable doesn't change and won't accept user input is a misconfigured policy.

They are two different things.