gmatuz / inthewilddb

Hourly updated database of exploit and exploitation reports
https://inthewild.io/
Apache License 2.0
231 stars 18 forks

confidence #9

Open danielsadoc opened 7 months ago

danielsadoc commented 7 months ago

Thanks a lot for inthewild.io! Please, how is "confidence" set? What is its meaning? Knowing the "confidence" on the artifacts is great, but we need to know how it is set. Is it possible to also include this information in the .db file?

gmatuz commented 7 months ago

@danielsadoc it is more something for our triage. Some sources are a little inconsistent in our experience (either for certainty or the way we automatically parse them), e.g. we also add lower certainty to anything we have not triaged and submitted externally. In this case I'd recommend you disregard non-"High" certainty ones unless you want to be very cautious; that is also the reason why they are not included in the db or the main API. I'll make a doc of this on the readme!

Also, if you like the project, we always appreciate help in terms of detailed feedback or ongoing submissions. Please reach out if you feel like contributing.

danielsadoc commented 7 months ago

Thanks! On that same note, I've noticed that there are 10 sources at inthewild.io, right? Most of them are clear, but one is called API. What does API mean?

Please, if you could also share the heuristics for confidence, that would be great. We noticed that even CISA/KEV sometimes appears with medium confidence. However, CISA/KEV is an authoritative source. Why are some CISA/KEV entries marked as medium confidence?

gmatuz commented 7 months ago

Sometimes KEV has incorrect dates of exploitation of vulnerabilities. Vulnerabilities are marked as currently exploited in cases where they were known to be exploited years ago. For us, having only recent data on RSS is very important, so we manually verify this.

I'm not sure about your question, but we have APIs where people can submit exploitation information directly and where they can get exploitation information, explicitly one for all the exploited vulns: https://inthewild.io/api/exploited
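The two triage rules stated in this thread (discard anything that is not "High" confidence, and treat old or unverifiable exploitation dates with suspicion rather than as "currently exploited") are easy to apply mechanically once the records are in hand. The script below is an added example and is not part of inthewilddb or the inthewild.io API; it works on constructed records in an assumed schema (`id`, `source`, `confidence`, `timestamp`), because the real response format of `/api/exploited` and the .db layout are not documented on this page. The CVE identifiers are placeholders.

```python
"""Triage exploitation reports by confidence and recency.

Added example, not inthewilddb's own code. The record schema (keys "id",
"source", "confidence", "timestamp" as an ISO date) is an assumption; adapt
the field names to whatever the .db export or the API actually returns.
"""
from datetime import date, timedelta

# Constructed sample input; CVE ids are placeholders, not real identifiers.
SAMPLE_REPORTS = [
    {"id": "CVE-0000-0001", "source": "CISA/KEV", "confidence": "High", "timestamp": "2024-05-10"},
    {"id": "CVE-0000-0002", "source": "CISA/KEV", "confidence": "Medium", "timestamp": "2024-05-12"},
    {"id": "CVE-0000-0003", "source": "Vendor advisory", "confidence": "High", "timestamp": "2021-01-15"},
    {"id": "CVE-0000-0004", "source": "API", "confidence": "Low", "timestamp": "2024-05-01"},
    {"id": "CVE-0000-0005", "source": "Blog post", "confidence": "High", "timestamp": "not-a-date"},
]


def parse_date(text):
    """Return a date for an ISO string, or None if it cannot be parsed."""
    try:
        return date.fromisoformat(text)
    except (TypeError, ValueError):
        return None


def triage(reports, today, max_age_days=90, keep=("High",)):
    """Split reports into (kept_ids, dropped) where dropped maps id -> reason.

    A report is kept only if its confidence is in `keep` and its exploitation
    timestamp parses and is no older than `max_age_days`. Everything else is
    dropped with a reason, so an analyst can still review the rejects manually
    (the maintainer notes that KEV dates in particular sometimes need a check).
    """
    kept = []
    dropped = {}
    cutoff = today - timedelta(days=max_age_days)
    for r in reports:
        if r.get("confidence") not in keep:
            dropped[r["id"]] = "confidence %s (not in %s)" % (
                r.get("confidence"), ", ".join(keep))
            continue
        seen = parse_date(r.get("timestamp"))
        if seen is None:
            dropped[r["id"]] = "unparseable timestamp; needs manual verification"
            continue
        if seen < cutoff:
            dropped[r["id"]] = "exploitation date %s older than %d days" % (
                seen, max_age_days)
            continue
        kept.append(r["id"])
    return kept, dropped


def demo():
    """Run triage over the constructed sample with a fixed 'today'."""
    return triage(SAMPLE_REPORTS, date(2024, 5, 20))


if __name__ == "__main__":
    kept, dropped = demo()
    print("kept:", kept)
    for cve, reason in dropped.items():
        print("dropped %s: %s" % (cve, reason))
```

With the sample above only the recent "High" KEV entry survives; the medium- and low-confidence records and the stale or unparseable "High" ones are reported with reasons rather than silently discarded, which is the part worth keeping when you wire this up to the real feed.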

danielsadoc commented 3 months ago

Dear @gmatuz, please, did you have a chance to share some notes about the confidence values? What do they mean? And how are they computed?