Tootfinder

Opt-in global Mastodon full text search. Join the index!

@adulau@infosec.exchange
2026-02-07 08:07:19

Following a great question from CERT.PL about GCVE KEV assertion format and especially about the confidence level for an evidence of a vulnerability assertion.
We made a first table of confidence level for the evidence in the KEV record format.
#kev #gcve

| Confidence | Label | Meaning (confidence in this evidence item) | Typical exploitation evidence examples | |-----------:|------------------|---------------------------------------------|----------------------------------------| | 0.0 | None | No usable evidence or placeholder only | Empty claim; unresolved rumor with no traceability | | 0.1 | Extremely low | U…