Confidence Levels
BTP assigns confidence levels to findings based on the detection method and validation process. These confidence levels help users understand the reliability of each finding. Confidence levels are shown in the findings grids and in the details of each finding. They can also be found in the majority of the reporting and SBOM outputs.
Confidence Level Scale

| Confidence Level | Percentile Value | Numerical Value | Description |
|---|---|---|---|
| certain | 80% - 100% | 0.8 - 1.0 | Highest confidence, thoroughly validated findings |
| somewhat_certain | 60% - 80% | 0.6 - 0.8 | High confidence with minimal false positive potential |
| somewhat_uncertain | 40% - 60% | 0.4 - 0.6 | Moderate confidence, may require manual validation |
| uncertain | 20% - 40% | 0.2 - 0.4 | Lower confidence, higher false positive potential |
| very_uncertain | 1% - 20% | 0.01 - 0.2 | Lowest confidence, requires thorough manual verification |
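
An added example, not BTP's own code: a triage gate for ingesting exported findings that maps each numerical value to its band in the table above and rejects records whose label and value disagree. The field names `id`, `confidence` and `confidence_value`, the inclusive lower bound at shared endpoints, and the manual-review policy are assumptions.

```python
import json

# Bands from the Confidence Level Scale table: (label, lower bound).
BANDS = [("certain", 0.8), ("somewhat_certain", 0.6),
         ("somewhat_uncertain", 0.4), ("uncertain", 0.2),
         ("very_uncertain", 0.01)]
# Assumed triage policy (not BTP's): these labels go to manual review.
MANUAL_REVIEW = {"somewhat_uncertain", "uncertain", "very_uncertain"}


def label_for(score):
    """Map a numerical value to its label; None if outside 0.01 - 1.0.

    Adjacent bands share an endpoint in the table; this example assumes
    the lower bound is inclusive, so 0.8 maps to "certain".
    """
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        return None
    if score > 1.0:
        return None
    for label, lower in BANDS:
        if score >= lower:
            return label
    return None  # below 0.01, or NaN


def triage(findings):
    """Split finding ids into accept, review and reject lists."""
    out = {"accept": [], "review": [], "reject": []}
    for f in findings:
        expected = label_for(f.get("confidence_value"))
        if expected is None or expected != f.get("confidence"):
            out["reject"].append(f["id"])  # out of range or label/value mismatch
        elif expected in MANUAL_REVIEW:
            out["review"].append(f["id"])
        else:
            out["accept"].append(f["id"])
    return out


# Constructed sample input; field names are assumptions, not BTP's schema.
SAMPLE = json.loads("""[
  {"id": "F-1", "confidence": "certain", "confidence_value": 0.95},
  {"id": "F-2", "confidence": "somewhat_uncertain", "confidence_value": 0.5},
  {"id": "F-3", "confidence": "certain", "confidence_value": 0.3},
  {"id": "F-4", "confidence": "very_uncertain", "confidence_value": 0.0},
  {"id": "F-5", "confidence": "somewhat_certain", "confidence_value": 0.6}
]""")
```
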
Calculation Methods
The confidence levels are determined through different methods depending on the type of detection:
- Known Vulnerabilities: Tested on large datasets with verified results, typically achieving “certain” confidence levels
- Secret Scanning: Uses regex-based rules, typically assigned “somewhat_uncertain” due to potential false positives
- UEFI Unknown Detection: Validated through large-scale analysis of Dell firmware, achieving ~95% precision after manual analysis
JSON Example
Key Considerations
The confidence levels are assigned based on:
- Detection method reliability
- Historical accuracy of the detection mechanism
- Potential for false positives
- Need for manual validation
- Complexity of the detection process