Too Long; Didn't Read
At SonarSource, our SAST mission is to eliminate false positives, but we can't ignore this class because these issues can represent real vulnerabilities. Each issue in this class has a 50/50 chance of being a real Vulnerability or of being no big deal at all. We've segregated these issues into what we call Security Hotspots. The separation is key to retaining credibility and keeping developers engaged in the SAST process. At least as a developer, you get to referee your own code.