wallarm / gotestwaf

An open-source project in Golang to assess different API Security tools and WAF for detection logic and bypasses
https://lab.wallarm.com/test-your-waf-before-hackers/
MIT License

Unresolved requests are counted in False Negative tests #259

Open marioskourtesis opened 3 weeks ago

marioskourtesis commented 3 weeks ago

When using the flag NonBlockedAsPassed, requests that didn't result in a 403 are counted as passed (i.e. 5XX errors). However, in true negative tests, the requests which were in this category (5xx errors, unresolved) are added as well to the score of the failed negative tests, which is not correct. True-negative tests that resulted in an application error should not be counted as failed since they didn't trigger a 403 WAF response.
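As an added illustration of the scoring rule the issue argues for (hypothetical model, not gotestwaf's own code), the block below keeps the flag's meaning for malicious tests but never turns an application error on a true-negative request into a failed test; the 403 blocking status and the sample status codes are assumptions.

```go
package main

import "fmt"

// Verdict is what the scorer concludes about one WAF response.
type Verdict int

const (
	Blocked    Verdict = iota // WAF replied with its blocking status (403 assumed)
	Passed                    // request reached the application
	Unresolved                // no WAF verdict (application error); excluded from the score
)

// Result tallies one test set. FN = malicious payload got through, FP = benign request blocked.
type Result struct{ TP, FN, TN, FP, Unresolved int }

// verdict maps an HTTP status to a Verdict. With nonBlockedAsPassed every non-403 reply,
// 5xx included, is Passed; without it a 5xx stays Unresolved. Hypothetical model of the flag.
func verdict(status int, nonBlockedAsPassed bool) Verdict {
	switch {
	case status == 403:
		return Blocked
	case status >= 500 && !nonBlockedAsPassed:
		return Unresolved
	default:
		return Passed
	}
}

// score counts outcomes with the rule the issue asks for: a benign (true-negative) test that
// ends in an application error is Unresolved, never a failed test, since the WAF did not answer 403.
func score(malicious bool, statuses []int, nonBlockedAsPassed bool) Result {
	var r Result
	for _, st := range statuses {
		v := verdict(st, nonBlockedAsPassed)
		switch {
		case v == Unresolved || (!malicious && st >= 500):
			r.Unresolved++
		case malicious && v == Blocked:
			r.TP++
		case malicious: // payload reached the application: a bypass
			r.FN++
		case v == Blocked:
			r.FP++
		default:
			r.TN++
		}
	}
	return r
}

func main() {
	benign := []int{200, 200, 403, 500, 502} // constructed statuses for five true-negative requests
	fmt.Printf("%+v\n", score(false, benign, true)) // {TP:0 FN:0 TN:2 FP:1 Unresolved:2}
}
```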