From f2ba2a7c501d8f38e9abfb06e691ade1a40cf4bd Mon Sep 17 00:00:00 2001 From: Alexis Grant Date: Tue, 14 Jan 2025 11:37:19 -0800 Subject: [PATCH 1/3] Add confidence since people ask about this too Probably in an ideal world we'd rename this, but for now I'm just going to go with adding this info. The info came from the Code team and is only lightly paraphrased :) --- docs/kb/rules/understand-severities.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/docs/kb/rules/understand-severities.md b/docs/kb/rules/understand-severities.md index fb7ee6782..5f91eef4a 100644 --- a/docs/kb/rules/understand-severities.md +++ b/docs/kb/rules/understand-severities.md @@ -1,5 +1,5 @@ --- -description: Understand how rule severity is determined. +description: Understand how rule severity and confidence is determined. tags: - Rules - Semgrep Registry @@ -23,4 +23,10 @@ In addition to severity, Supply Chain displays an [Exploit prediction scoring sy * High: 50 - 100% * Medium: 10 - <50% -* Low: <10% \ No newline at end of file +* Low: <10% + +# How are confidence levels assigned to rules? + +Confidence level is also set by the rule author, but intends to describe the rule, rather than the vulnerability it is trying to catch. + +It reflects how confident the rule writer is that the rule patterns will capture the vulnerability and not result in too many false positive findings. Right now this is done manually. Rules that have more targeted and detailed patterns, such as advanced taint mode rules, typically are given HIGH confidence. From f345010aa0404e6eefc7db0c5e3cac50932b1d72 Mon Sep 17 00:00:00 2001 From: Alexis Grant Date: Thu, 16 Jan 2025 17:52:14 -0800 Subject: [PATCH 2/3] Incorporate other half of TW changes --- docs/kb/rules/understand-severities.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/kb/rules/understand-severities.md b/docs/kb/rules/understand-severities.md index 5f91eef4a..d50f3e28e 100644 
--- a/docs/kb/rules/understand-severities.md +++ b/docs/kb/rules/understand-severities.md @@ -29,4 +29,4 @@ In addition to severity, Supply Chain displays an [Exploit prediction scoring sy Confidence level is also set by the rule author, but intends to describe the rule, rather than the vulnerability it is trying to catch. -It reflects how confident the rule writer is that the rule patterns will capture the vulnerability and not result in too many false positive findings. Right now this is done manually. Rules that have more targeted and detailed patterns, such as advanced taint mode rules, typically are given HIGH confidence. +The confidence level reflects how confident the rule writer is that the rule patterns capture the vulnerability without generating too many false positive findings. The rule author manually sets the appropriate confidence level. Rules that have more targeted and detailed patterns, such as advanced taint mode rules, typically are given `HIGH` confidence. From 7f12d3e71a0a1aa5cd144b99b2549ae3ed4d7427 Mon Sep 17 00:00:00 2001 From: Alexis Grant Date: Thu, 16 Jan 2025 17:52:31 -0800 Subject: [PATCH 3/3] First half TW changes Co-authored-by: Katie Horne --- docs/kb/rules/understand-severities.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/kb/rules/understand-severities.md b/docs/kb/rules/understand-severities.md index d50f3e28e..f695121d4 100644 --- a/docs/kb/rules/understand-severities.md +++ b/docs/kb/rules/understand-severities.md 
@@ -27,6 +27,6 @@ In addition to severity, Supply Chain displays an [Exploit prediction scoring sy # How are confidence levels assigned to rules? -Confidence level is also set by the rule author, but intends to describe the rule, rather than the vulnerability it is trying to catch. +Confidence level is also set by the rule author, but it is intended to describe the rule, not the vulnerability the rule catches. The confidence level reflects how confident the rule writer is that the rule patterns capture the vulnerability without generating too many false positive findings. The rule author manually sets the appropriate confidence level. Rules that have more targeted and detailed patterns, such as advanced taint mode rules, typically are given `HIGH` confidence.
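Review bot: Subject-verb agreement is off in the frontmatter hunk of patch 1 (`+description: Understand how rule severity and confidence is determined.`): the compound subject needs `are determined`. This string is the page summary surfaced in search and link previews, so it should be fixed before merge.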
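Review bot: The new `# How are confidence levels assigned to rules?` section in patch 1 names a single value, `HIGH`, and says the author sets the level manually, but never tells the reader which other values exist or what to infer from each; since the page exists to explain how these labels are determined, add the full set of confidence values the rule metadata accepts (formatted like `HIGH`) with one line each on how to read them. The same hunk also uses `Right now this is done manually`, which will date the page; the patch 2 rewrite (`The rule author manually sets the appropriate confidence level.`) already drops it, so squashing the two would avoid landing the dated wording.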
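Review bot: Terminology drifts within the rewritten paragraph in patch 2: `how confident the rule writer is` is immediately followed by `The rule author manually sets`. Pick one term (`rule author` matches the first sentence of the section) and use it throughout. In patch 3, `Confidence level is also set by the rule author, but it is intended to describe the rule, not the vulnerability the rule catches.` leaves the contrast with severity implicit in `also`; stating it directly (for example, `Unlike severity, which describes the vulnerability, confidence describes the rule itself`) would make the distinction this section exists to draw explicit, and `The confidence level` reads better than the bare `Confidence level` used to open the sentence.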