Propose low, medium and high confidence levels.

microsoft / security-utilities

Security utilities for key generation, string redaction, etc.

MIT License

25 stars 11 forks source link

Propose low, medium and high confidence levels. #80

Closed michaelcfanning closed 3 months ago

michaelcfanning commented 3 months ago

Provide explicit metadata for noise levels for checks (as a separate design consideration over unclassified vs. classified).
Produce output JSON that separates Low/Medium/High confidence into discrete JSON files.
Move the 34-character SEC101/101.AadClientAppLegacyCredentials check into the low confidence designation (due to the anonymity of the autogenerated password format).

suvamM commented 3 months ago

@michaelcfanning What is the difference between HighConfidenceSecurityModel and PreciselyClassifiedSecurityKey? Similar question for the other classifications.