Veracode reported a process control issue in COBOL code, but the dev team is saying that the vulnerability is reported in a third-party library and is not in their control. How to deal with such kinds of SAST scenarios? How to know if it's really third-party or custom code? A Google search might not help.
submitted by /u/Desperate_Bath7342