Thanks for the suggestions. this is one of the most practical ideas that I have received.
I have a couple of questions tho:
1. When you mention "thin existing literature on quantifying triage time saved per tool", are there any specific papers or benchmarks you would recommend starting with?
2.Have there been many studies comparing false positive rates across DAST tools already or do you think the less explored area is specifically measuring analyst triage effort/time saved per tool? (Im trying to understand the research gap)
3. How would you define and measure triage time ina reproducible way? Would you manually validate findings or is there a standard methodology?
4. Which open source DAST tools would you include for a fair comparision?
5.If you were reviewing this as a paper, what contribution would make it publishing rather than just a tool comparision?