False-Positives

Data quality is very important for us. Therefore, our moderation team is investing additional time to determine false-positives and potential duplicates.

Commits

If we are uncertain whether a data point of an entry is correct, we add the commit with a low confidence level. The commit overview of an entry allows an user determine such potentially weak data points.

If a commit was wrong, we do either revoke the commit (nullify the confidence level) or deploy a new commit containing the correct data. Commit data is never overwritten nor deleted to provide a reliable commit history.

Entries

If we are uncertain whether a vulnerability is truly existing, we display this in the report confidence fields of the CVSS vectors. If an entry is disputed by a 3rd party, we will flag the entry as such. If we are the responsible CNA to handle the associated CVE, we will add the statement by the disputee.

If an entry was wrong, we will update it properly. If a duplicate was detected, the duplicate entry will be flagged as such and redirect to the prior entry. The prior entry does also link to the duplicate. If an entry was a false-positive, we will flag it as such. If we are the responsible CNA to handle associated CVE, we will revoke the CVE as well and flag it as REJECTED.

Duplicates and false-positives are sometimes hidden from overviews, searches and API requests to reduce the feed noise to a minimum.

Might our Artificial Intelligence support you?

Check our Alexa App!

◂ PreviousOverviewNext ▸