We previously introduced this concept - https://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/2011-May/000773.html
The idea is to designate both MATURITY and ACCURACY levels of each rule. The benefits of this approach are obvious as users would then be able to easily disable entire groups of rules by using SecRuleRemoveByTag. The issue I see are that we, SpiderLabs, have absolutely no insight into how these rules are working in your environments. The only way that we know that a particular rule is not working well is - 1. If you send a note to the mail-list. We do have a mail-list setup just for reporting false positives - https://lists.sourceforge.net/lists/listinfo/mod-security-report-false-positives. I guess we need to be more vigilant in redirecting FP emails to that list instead. 2. If you open a JIRA ticket for the CRS - https://www.modsecurity.org/tracker/browse/CORERULES We need help from the community in reporting back accuracy issues with rules. If you have any good ideas for getting details on false positives let me know. -- Ryan Barnett Trustwave SpiderLabs ModSecurity Project Leader OWASP ModSecurity CRS Project Leader ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
