Add "confidence indication" to vulnerability matches #52

Open
wagoodman opened this issue Jul 16, 2020 · 0 comments
Labels
help-wanted Extra attention is needed

Comments

@wagoodman
Contributor

Currently each match has a type (direct, indirect, fuzzy, etc.); however, we can go a step further by adding a quantified number between 0-1 that indicates how "sure" we are that the match is legitimate based on a wide variety of factors (the vulnerability data source, how close the match was to package metadata, if any generated/guessed data was used to make the match, etc.).

It's not quite clear how the formula for the confidence should be determined quite yet or how it would be useful for an end user. Up for thoughts, comments, and suggestions!

@wagoodman wagoodman added the help-wanted Extra attention is needed label Jul 16, 2020