semgrep · armchairlinguist · Jan 17, 2025 · Jan 14, 2025 · Jan 17, 2025 · Jan 17, 2025
diff --git a/docs/kb/rules/understand-severities.md b/docs/kb/rules/understand-severities.md
@@ -1,5 +1,5 @@
 ---
-description: Understand how rule severity is determined.
+description: Understand how rule severity and confidence is determined.
 tags:
  - Rules
  - Semgrep Registry
@@ -23,4 +23,10 @@ In addition to severity, Supply Chain displays an [Exploit prediction scoring sy
 
 * <b>High</b>: 50 - 100%
 * <b>Medium</b>: 10 - &#60;50%
-* <b>Low</b>: &#60;10%
+* <b>Low</b>: &#60;10%
+
+# How are confidence levels assigned to rules?
+
+Confidence level is also set by the rule author, but intends to describe the rule, rather than the vulnerability it is trying to catch. 
+
+It reflects how confident the rule writer is that the rule patterns will capture the vulnerability and not result in too many false positive findings. Right now this is done manually. Rules that have more targeted and detailed patterns, such as advanced taint mode rules, typically are given HIGH confidence.