About setting prediction policies
To use Fortify Audit Assistant to make predictions about your analysis results, you must first define at least one prediction policy. A prediction policy establishes confidence thresholds for its predictions. There are two confidence thresholds to set:
False Positive
Exploitable
The default confidence thresholds are set at 80%, but you can set them between 0 and 100%, in 10% increments. Raising a confidence threshold increases the confidence in your results and reduces the number of results to just those that meet or exceed that threshold. By adjusting the thresholds, you can fine-tune the prediction policy to your software environment.
Although you can adjust these values, OpenText suggests that you use the default settings for a while before adjusting them. As you use Fortify Audit Assistant, the training data you provide will positively impact your results and you might find that the results of your initial scans dramatically improve.
A prediction is not made if the minimum confidence threshold is not met. Confidence levels beneath the confidence thresholds are indeterminate—Fortify Audit Assistant cannot provide an assessment based on the set confidence level.
During Fortify Audit Assistant configuration, an Administrator selects a default global prediction policy. Fortify Audit Assistant uses this global policy for an application version if no prediction policy is specified for that application version. If a prediction policy is specified for an application version, then Fortify Audit Assistant uses that policy to assess issues.
After you assess the impact of training on your results, you can adjust the thresholds if you find you are receiving too much noise. The higher you set a threshold, the more confidence Fortify Audit Assistant has in its predictions. This results in fewer hits, because only those vulnerabilities that meet or exceed the confidence threshold level are identified as False Positive or Exploitable.
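The following added example, which is not Fortify Audit Assistant code, models the threshold and policy-fallback behavior described above so you can see how raising the thresholds moves issues into the indeterminate group. The class and function names, the label strings, and the sample confidence values are assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# Illustrative model only: names, labels and data shapes are assumptions,
# not Fortify Audit Assistant's API.


@dataclass(frozen=True)
class PredictionPolicy:
    name: str
    false_positive: int = 80  # default confidence threshold, in percent
    exploitable: int = 80

    def __post_init__(self):
        for value in (self.false_positive, self.exploitable):
            # Thresholds range from 0 to 100 in 10 percent increments.
            if not (0 <= value <= 100 and value % 10 == 0):
                raise ValueError(f"invalid threshold: {value}")


def resolve_policy(version_policy, global_default):
    """Use the application version's policy if specified, else the global default."""
    return version_policy if version_policy is not None else global_default


def assess(predicted, confidence, policy):
    """Return the prediction only if it meets or exceeds its threshold."""
    threshold = {"False Positive": policy.false_positive,
                 "Exploitable": policy.exploitable}[predicted]
    return predicted if confidence >= threshold else "Indeterminate"


def summarize(issues, policy):
    """Count outcomes for (predicted label, confidence percent) pairs."""
    return Counter(assess(label, conf, policy) for label, conf in issues)


# Constructed sample data: (predicted label, confidence in percent).
SAMPLE = [("False Positive", 95), ("False Positive", 80), ("False Positive", 72),
          ("Exploitable", 91), ("Exploitable", 85), ("Exploitable", 60)]

if __name__ == "__main__":
    default = PredictionPolicy("global-default")
    strict = PredictionPolicy("strict", false_positive=90, exploitable=90)
    for version_policy in (None, strict):
        policy = resolve_policy(version_policy, default)
        print(policy.name, dict(summarize(SAMPLE, policy)))
```

With the constructed sample, moving both thresholds from 80 to 90 halves the number of predictions made and doubles the indeterminate count.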
For detailed instructions on how to define prediction policies in Fortify Audit Assistant, see the Fortify Audit Assistant Help in the Fortify Audit Assistant Documentation.
See Also
Configuring Fortify Audit Assistant options for an application version