Incorporate education and training into vulnerability findings
If a developer is alerted to a vulnerability, but does not know how to proceed, they may ignore or become frustrated by the finding.
It would be ideal if we could leverage external educational resources on how to avoid or fix specific types of vulnerabilities in our scans (SAST, DAST) when auto-remediation is not available. This education would help with remediation and prevention in the future.
Edited by Nicole Schwartz