What is a false positive versus a false negative in vulnerability scanning?
Security+ Flashcards: Vulnerability Management, Scanning, Patching, Hardening
Nortren
A false positive occurs when a vulnerability scanner incorrectly reports a vulnerability that does not actually exist, causing wasted time investigating and remediating a non-issue. A false negative occurs when the scanner fails to detect a real vulnerability, leaving the organization exposed to a threat it believes does not exist. False negatives are more dangerous because they create a false sense of security. Credentialed scans reduce both types by giving the scanner deeper access to verify findings.
csrc.nist.gov