That's really not a safe assumption — an incorrect result repeated thousands of times does not become correct — and it definitely means that you now have a big problem of reviewing and validating tons of noise which will delay the time before you find whatever valid results are present.

I've seen multiple tools in this class — code scanners, IDSes, or web app scanners — which caused security problems by training everyone to assume that the results are always false positives until they missed something real or soaking up so much human time that nobody made progress on the major improvements which would have prevented a breach.



