How do you de-duplicate security risk findings obtained from various different tools?
You potentially use a variety of scanners and processes (e.g. Threat Modelling) which produces a set of overlapping outputs. How do you avoid repeated findings which are duplicated across toolsets?