{"id":107057,"date":"2026-02-22T12:29:56","date_gmt":"2026-02-22T10:29:56","guid":{"rendered":"https:\/\/staging.checkmarx.com\/?p=107057"},"modified":"2026-02-24T18:37:09","modified_gmt":"2026-02-24T16:37:09","slug":"reducing-noise-with-contextual-risk-scoring","status":"publish","type":"post","link":"https:\/\/checkmarx.com\/blog\/reducing-noise-with-contextual-risk-scoring\/","title":{"rendered":"Reducing Noise\u00a0With\u00a0Contextual Risk Scoring: Why Critical Doesn\u2019t\u00a0Always Mean Urgent\u00a0"},"content":{"rendered":"<p>AppSec teams aren\u2019t failing to find risk in their applications, they\u2019re overwhelmed by it. A constant flood of critical alerts, false positives, and disconnected security findings has created a severe signal\u2011to\u2011noise problem, making it nearly impossible to distinguish business risk from background static.<\/p>\n\n\n\n<p>Every commit now triggers a chain reaction of scans across SAST, SCA, IaC, containers, APIs, secrets, and cloud infrastructure, with each producing its own findings, severity rating, and risk interpretation. And when everything appears critical, developers are left with no guidance on what to fix first. The introduction of AI coding propelled new risks almost overnight, speeding everything up. While AI tools help teams ship faster, they also create more code, more components, and more attack surface \u2013 leading to more alerts and more noise.<\/p>\n\n\n\n<p>The alert problem that existed before AI? It intensified. And when everything looks urgent, teams lose focus on the vulnerabilities that create business risk.<\/p>\n\n\n\n<p>Developers can\u2019t operate effectively when they\u2019re constantly buried under alerts without prioritization or clarity. Because when they can\u2019t distinguish between theoretical and real threats, critical vulnerabilities slip through unnoticed, exposure windows widen, and business risk increases.<\/p>\n\n\n\n<p>This is exactly the outcome we need to prevent. 
Detecting vulnerabilities is easy; the real challenge is understanding which ones matter, why they matter, and what to fix first.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-1\">\n<strong>The Noise Problem: Volume vs. Actionable Insights<\/strong>&nbsp;<\/h2>\n\n\n\n<p>Noise isn\u2019t just annoying, it\u2019s dangerous. When teams are forced to sift through endless alerts, fatigue sets in and important issues get overlooked.<\/p>\n\n\n\n<p>To make matters worse, these alerts rarely tell a coherent story. Each scanner operates independently, surfacing different symptoms of potentially related problems.<\/p>\n\n\n\n<p>SAST may identify a potential injection risk, SCA may flag a critical CVE in a transitive dependency, and IaC may highlight risks in cloud configuration \u2013 all at the same time.<\/p>\n\n\n\n<p>Individually, each issue appears \u201ccritical,\u201d but without understanding how the vulnerabilities relate to each other and to real execution paths, AppSec teams are flying blind, leading to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Multiple tools reporting versions of the same underlying issue<\/li>\n\n\n\n<li>High\u2011severity findings in code paths that cannot execute<\/li>\n\n\n\n<li>Duplicate tickets routed to different teams<\/li>\n\n\n\n<li>\u201cCritical\u201d vulnerabilities treated equally, regardless of real impact<\/li>\n<\/ul>\n\n\n\n<p>The problem isn\u2019t the volume of alerts, but the absence of context. Raw vulnerability data means nothing without the intelligent insights to prioritize them. 
Because when every vulnerability is \u201curgent,\u201d nothing actually is.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-2\">\n<strong>Contextual Risk Scoring: What It Is, How It Works, and Why It Matters<\/strong>&nbsp;<\/h2>\n\n\n\n<p>When teams understand a vulnerability\u2019s real-world impact, they can stop chasing theoretical risks and instead fix the issues that matter most.<\/p>\n\n\n\n<p>Instead of treating all \u201ccritical\u201d tags equally, contextual risk scoring evaluates how a vulnerability behaves in your specific application and if it presents a realistic threat. This allows teams to move from severity\u2011driven triage to intelligent risk\u2011driven prioritization.<\/p>\n\n\n\n<p>Contextual risk scoring takes the following into account:<\/p>\n\n\n\n<p><strong>Exploitability<\/strong>: Is there a realistic attack path? Are exploit techniques known or emerging? Is the weakness commonly abused in the wild?<\/p>\n\n\n\n<p><strong>Reachability<\/strong>: Is the vulnerable code path actually executed? Can untrusted input reach it? A flaw in unreachable or dead code may pose minimal risk despite its severity.<\/p>\n\n\n\n<p><strong>Correlation<\/strong>: Do signals from multiple scanners converge on the same root issue? Correlation provides a deeper understanding of location, impact, and propagation across services.<\/p>\n\n\n\n<p><strong>Business impact<\/strong>: How critical is the asset? Does it handle sensitive data? Is it externally exposed? Does it support a revenue\u2011generating or regulated function?<\/p>\n\n\n\n<p>By combining these factors, contextual risk scoring aligns remediation with real exposure. This is how a \u201ccritical\u201d issue in an unused library becomes low urgency, while a \u201cmedium\u201d flaw in an internet-facing API becomes top priority. 
Severity alone can\u2019t make that distinction, but contextual risk scoring can.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-3\">Correlation Between Scanners: Full Context Requires Multiple Signals Working Together<\/h2>\n\n\n\n<p>We need to get smarter about where we focus. Not every vulnerability is worth dropping everything for, and only teams that filter out the noise and focus on what really matters are able to stay ahead of risk.<\/p>\n\n\n\n<p>Teams today rely on a variety of scanners, but no single engine provides complete risk context.<\/p>\n\n\n\n<p>A dependency vulnerability flagged by SCA is just random data until you know whether your application code calls the affected function. An exposed cloud configuration only becomes urgent when tied to the services and code running on that infrastructure.<\/p>\n\n\n\n<p>Let\u2019s look at an example:<\/p>\n\n\n\n<p>SCA flags a critical CVE in a transitive dependency. On its own, it looks urgent. But a SAST scan shows no code path that calls the affected function, and runtime signals confirm the component isn&#8217;t loaded in production. Three scanners, three separate alerts \u2013 but when correlated, the actual risk is low. Meanwhile, consider a medium-severity SAST finding in an internet-facing API that handles PII, is reachable, and is exercised in production traffic. That \u201cmedium\u201d instantly becomes the top priority.<\/p>\n\n\n\n<p>That\u2019s why correlation matters. 
It stitches together findings across code, dependencies, infrastructure, containers, and runtime environments \u2013 transforming disconnected alerts into a single, unified view of actual risk.<\/p>\n\n\n\n<p><em>Without it, everything becomes noise.<\/em><\/p>\n\n\n\n<p>The correlation of findings across SAST, SCA, IaC, API testing, runtime signals, container scans, and CI\/CD metadata helps teams determine:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>When multiple alerts represent the same issue<\/li>\n\n\n\n<li>Whether vulnerabilities propagate across microservices<\/li>\n\n\n\n<li>If issues exist in deployed, production-facing assets<\/li>\n\n\n\n<li>Which components introduce actual operational risk<\/li>\n\n\n\n<li>True root causes that need to be fixed<\/li>\n<\/ul>\n\n\n\n<p>Correlation turns noise into intelligent, actionable signals. Instead of dozens of fragmented alerts, teams receive a single, contextualized insight that reflects the complete picture. This unified code\u2011to\u2011cloud intelligence closes visibility gaps,&nbsp;eliminates&nbsp;redundant triage, and enables smarter prioritization for faster, more efficient remediation.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-4\">\n<strong>Turning Contextual Insights&nbsp;Into&nbsp;Actionable Remediation<\/strong>&nbsp;<\/h2>\n\n\n\n<p>Insight alone doesn\u2019t reduce risk, action does. Risk reduction requires turning signals into a fast, confident remediation. A vulnerability isn\u2019t neutralized just because it\u2019s been detected. It\u2019s only eliminated when developers understand why it matters, where it originates, and how to fix it without wading through logs or deciphering cryptic scanner output.<\/p>\n\n\n\n<p>This is where contextual risk intelligence stops being just a risk scoring exercise and becomes a practical remediation engine. 
When you combine exploitability, reachability, and cross\u2011scanner correlation, you give developers something they rarely get: findings they can trust. Instead of another generic \u201ccritical\u201d label, they get true prioritization \u2013 and a clear explanation of why the issue is important, the exact code path, and where to remediate. And that clarity transforms how teams work.<\/p>\n\n\n\n<p>Delivering these insights directly in the IDE is what makes them actionable. There\u2019s no tool sprawl and no context switching. Developers don\u2019t need to jump between dashboards or triage queues because the context comes to them, showing them precisely which part of the code needs attention.<\/p>\n\n\n\n<p>Your AppSec stack doesn\u2019t need more scanners or stricter thresholds, it just needs contextual intelligence. Contextual risk scoring cuts through the noise to surface genuine threats to your code. And when that intelligence reaches developers where they work, directly in their workflow, remediation becomes fast, confident, and focused.<\/p>\n\n\n\n<p>The most effective teams aren&#8217;t the ones processing every alert, they\u2019re the ones with enough context to confidently deprioritize most of them. When everything is labelled \u201ccritical,\u201d protecting against true vulnerabilities requires the ability to actually distinguish real risk from noise.<\/p>","protected":false},"excerpt":{"rendered":"<p>AppSec teams aren\u2019t failing to find risk in their applications, they\u2019re overwhelmed by it. A constant flood of critical alerts, false positives, and disconnected security findings has created a severe signal\u2011to\u2011noise problem, making it nearly impossible to distinguish business risk from background static. 
Every commit now triggers a chain reaction of scans across SAST, SCA, [&hellip;]<\/p>\n","protected":false},"author":141,"featured_media":107159,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":true,"footnotes":""},"categories":[1284,84,1280,1281],"tags":[1272,87,492,249],"class_list":["post-107057","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ai-llm-tools-in-application-security","category-blog","category-secure-coding-best-practices-for-developers","category-threat-intelligence-vulnerability-analysis","tag-agentic-ai","tag-appsec","tag-ide-scanning","tag-vulnerability-remediation"],"acf":[],"yoast_head_json":{"title":"Reducing Noise\u00a0With\u00a0Contextual Risk Scoring: Why Critical Doesn\u2019t\u00a0Always Mean Urgent\u00a0","description":"Risk reduction requires turning signals into a fast, confident remediation delivered directly in the IDE to make them actionable.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/blog\/reducing-noise-with-contextual-risk-scoring\/","og_locale":"en_US","og_type":"article","og_title":"Reducing Noise\u00a0With\u00a0Contextual Risk Scoring: Why Critical Doesn\u2019t\u00a0Always Mean Urgent\u00a0","og_description":"Risk reduction requires turning signals into a fast, confident remediation delivered directly in the IDE to make them actionable.","og_url":"https:\/\/checkmarx.com\/blog\/reducing-noise-with-contextual-risk-scoring\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","article_published_time":"2026-02-22T10:29:56+00:00","article_modified_time":"2026-02-24T16:37:09+00:00","og_image":[{"width":2560,"height":1280,"url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/Blog-Banner-_2_.webp","type":"image\/webp"}],"author":"Emma Datny","twitter_card":"summary_large_image","twitter_creator":"@checkmarx","twitter_site":"@checkmarx","twitter_misc":{"Written by":"Emma Datny","Est. 
reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/checkmarx.com\/blog\/reducing-noise-with-contextual-risk-scoring\/#article","isPartOf":{"@id":"https:\/\/checkmarx.com\/blog\/reducing-noise-with-contextual-risk-scoring\/"},"author":{"name":"Emma Datny","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/f2f13af2bbd7334f86e05c26025b82cc"},"headline":"Reducing Noise\u00a0With\u00a0Contextual Risk Scoring: Why Critical Doesn\u2019t\u00a0Always Mean Urgent\u00a0","datePublished":"2026-02-22T10:29:56+00:00","dateModified":"2026-02-24T16:37:09+00:00","mainEntityOfPage":{"@id":"https:\/\/checkmarx.com\/blog\/reducing-noise-with-contextual-risk-scoring\/"},"wordCount":1244,"publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"image":{"@id":"https:\/\/checkmarx.com\/blog\/reducing-noise-with-contextual-risk-scoring\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/Blog-Banner-_2_.webp","keywords":["Agentic AI","AppSec","IDE Scanning","Vulnerability Remediation"],"articleSection":["AI &amp; LLM Tools in Application Security","Blog","Secure Coding Best Practices for Developers","Threat Intelligence &amp; Vulnerability Analysis"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/blog\/reducing-noise-with-contextual-risk-scoring\/","url":"https:\/\/checkmarx.com\/blog\/reducing-noise-with-contextual-risk-scoring\/","name":"Reducing Noise\u00a0With\u00a0Contextual Risk Scoring: Why Critical Doesn\u2019t\u00a0Always Mean 
Urgent\u00a0","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/checkmarx.com\/blog\/reducing-noise-with-contextual-risk-scoring\/#primaryimage"},"image":{"@id":"https:\/\/checkmarx.com\/blog\/reducing-noise-with-contextual-risk-scoring\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/Blog-Banner-_2_.webp","datePublished":"2026-02-22T10:29:56+00:00","dateModified":"2026-02-24T16:37:09+00:00","description":"Risk reduction requires turning signals into a fast, confident remediation delivered directly in the IDE to make them actionable.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/blog\/reducing-noise-with-contextual-risk-scoring\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/blog\/reducing-noise-with-contextual-risk-scoring\/#primaryimage","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/Blog-Banner-_2_.webp","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/Blog-Banner-_2_.webp","width":2560,"height":1280,"caption":"AppSec Risk Scoring"},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. 
We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/company\/checkmarx"]},{"@type":"Person","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/f2f13af2bbd7334f86e05c26025b82cc","name":"Emma Datny","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/05\/Emma-Datny-150x150.jpg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/05\/Emma-Datny-150x150.jpg","caption":"Emma 
Datny"},"sameAs":["https:\/\/checkmarx.com\/"],"url":"https:\/\/checkmarx.com\/author\/emma_datny\/"}]}},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/107057","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/141"}],"replies":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/comments?post=107057"}],"version-history":[{"count":0,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/107057\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media\/107159"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=107057"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/categories?post=107057"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/tags?post=107057"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}