The report confidence metric indicates the level of confidence in the existence of the vulnerability and the authenticity of the resources and technical details. It may be that a certain vulnerability is published without any additional technical details. In such a case, the root cause and the impact may be unknown:
|
Parameter |
Description |
|
Not defined |
Assigning this value to the metric will not affect the score. It simply indicates the scoring equation to skip this metric. |
|
Confirmed |
A comprehensive report exists or the vulnerability/issue could be reproduced functionally. Source code may be available to manually verify the outcome of the research, or the author/vendor of the impacted code has confirmed the existence of the vulnerability. |
|
Reasonable |
Considerable details have been published, yet researchers don't have complete confidence in the root cause. Researchers may not have access to source code in order to affirm the findings. |
|
Unknown |
There are reports about the presence of the vulnerability; however, its cause is unknown. There is uncertainty about the true nature of the vulnerability. |