Non-Standard Code

In the security profession, we are constantly complaining about false positives, particularly with IDS. Notwithstanding the notion that a false positive is usually an alert that reflects how the sensor is configured (that is, not really a false positive, but a result of poor tuning), we could certainly do a better job of reducing them: not only with better tuning (which of course would be helpful), but by forcing vendors to comply with standards. One of the big causes of false positives is simply that applications often don't comply with some particular protocol or other standard. In the security space, that noncompliance looks like a threat, and so we get an alert.

So next time you complain about false positives, direct the complaint at the application vendor, not the security vendor. They are much more likely to be able to address the problem.