A framework for defining ratings for open source projects. In particular, the framework offers a security rating for open source projects that may be used to assess the security risk that comes with open source components.

A feature value may be unknown. Therefore, scoring functions should expect unknown values and still produce a score. In this case, the scoring function has to produce a result while taking into account some amount of uncertainty. The same applies to rating procedures.

To let a user know about how accurate a score is, a scoring function provides a confidence level for the calculated score.

Let's define a **confidence level** as a float number in the interval `[0, 10]`, where `0` means the lowest confidence and `10` means the highest confidence.

Both scoring functions and rating procedures provide a confidence level for the score and rating values that they produce. The confidence level mainly depends on how many of the features used to calculate the score were unknown.

How a confidence level is calculated depends on the particular scoring function. In general, a scoring function should take into account the weights of its sub-scores: an unknown feature behind a heavily weighted sub-score should reduce confidence more than one behind a lightly weighted sub-score.
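The following is an added, illustrative example of such a scoring function and rating procedure in Python; it is not Fosstars code and the feature names, sub-scores, weights, thresholds and rating labels are all assumptions chosen for the example. An unknown feature value is represented as `None`. Each sub-score's confidence is the share of its input features that are known, scaled to `[0, 10]`, and the overall score combines both the sub-score values and their confidence levels using the same weights, so a missing input behind a heavy sub-score costs more confidence than one behind a light sub-score. The rating procedure carries the confidence through and refuses to commit to a label when confidence is too low.

```python
from dataclasses import dataclass
from typing import Callable, Mapping, Optional, Sequence, Tuple

MIN_CONFIDENCE = 0.0
MAX_CONFIDENCE = 10.0   # the [0, 10] interval defined above
MIN_SCORE, MAX_SCORE = 0.0, 10.0

# A feature vector; None marks an unknown feature value.
FeatureValues = Mapping[str, Optional[object]]


@dataclass(frozen=True)
class ScoreValue:
    score: float        # in [0, 10]
    confidence: float   # in [0, 10]


@dataclass(frozen=True)
class SubScore:
    name: str
    features: Sequence[str]                     # features this sub-score reads
    compute: Callable[[FeatureValues], float]   # must tolerate None (unknown) inputs


def confidence_from_unknowns(features: Sequence[str], values: FeatureValues) -> float:
    """Confidence falls linearly with the share of unknown input features."""
    if not features:
        return MAX_CONFIDENCE
    known = sum(1 for f in features if values.get(f) is not None)
    return MAX_CONFIDENCE * known / len(features)


def evaluate(sub: SubScore, values: FeatureValues) -> ScoreValue:
    score = max(MIN_SCORE, min(MAX_SCORE, sub.compute(values)))
    return ScoreValue(score, confidence_from_unknowns(sub.features, values))


def weighted_score(parts: Sequence[Tuple[SubScore, float]], values: FeatureValues) -> ScoreValue:
    """Weighted mean of sub-scores; confidence is aggregated with the same weights."""
    total = sum(w for _, w in parts)
    if total <= 0:
        raise ValueError("weights must sum to a positive number")
    score = conf = 0.0
    for sub, weight in parts:
        v = evaluate(sub, values)
        score += weight * v.score
        conf += weight * v.confidence
    return ScoreValue(round(score / total, 4), round(conf / total, 4))


# --- hypothetical sub-scores (assumptions for this example, not Fosstars' own) ---

def _vulnerabilities(values: FeatureValues) -> float:
    n = values.get("vulnerabilities_count")
    if n is None:
        return 5.0   # assumption: neutral score; the uncertainty is recorded in the confidence
    return MAX_SCORE - 2.0 * n

def _security_awareness(values: FeatureValues) -> float:
    # Unknown inputs are treated like False here, i.e. scored conservatively.
    return 5.0 * bool(values.get("has_security_policy")) + 5.0 * bool(values.get("uses_signed_commits"))

def _dependency_scan(values: FeatureValues) -> float:
    return MAX_SCORE if values.get("uses_dependabot") else MIN_SCORE

SECURITY_SCORE = [   # (sub-score, weight); weights are assumptions
    (SubScore("vulnerabilities", ["vulnerabilities_count"], _vulnerabilities), 0.6),
    (SubScore("security_awareness", ["has_security_policy", "uses_signed_commits"], _security_awareness), 0.3),
    (SubScore("dependency_scan", ["uses_dependabot"], _dependency_scan), 0.1),
]

MIN_CONFIDENCE_FOR_LABEL = 5.0   # assumption: below this the rating procedure reports UNCLEAR


def rate(value: ScoreValue) -> Tuple[str, float]:
    """Rating procedure: a label derived from the score, plus the score's confidence."""
    if value.confidence < MIN_CONFIDENCE_FOR_LABEL:
        return ("UNCLEAR", value.confidence)
    label = "GOOD" if value.score >= 7.0 else "MODERATE" if value.score >= 4.0 else "BAD"
    return (label, value.confidence)


# Constructed sample feature vectors for three projects.
FULLY_KNOWN = {"vulnerabilities_count": 1, "has_security_policy": True,
               "uses_signed_commits": False, "uses_dependabot": True}
LIGHT_UNKNOWN = dict(FULLY_KNOWN, uses_signed_commits=None)     # unknown behind a 0.3-weight sub-score
HEAVY_UNKNOWN = dict(LIGHT_UNKNOWN, vulnerabilities_count=None)  # plus unknown behind the 0.6-weight sub-score

if __name__ == "__main__":
    for name, values in [("fully known", FULLY_KNOWN), ("light unknown", LIGHT_UNKNOWN), ("heavy unknown", HEAVY_UNKNOWN)]:
        v = weighted_score(SECURITY_SCORE, values)
        print(f"{name:14s} score={v.score:4.1f} confidence={v.confidence:4.1f} rating={rate(v)}")
```

Running it shows the effect of the weights: with every feature known the score is 7.3 at confidence 10; leaving one of the two awareness features unknown keeps the score at 7.3 but drops confidence to 8.5; additionally losing the vulnerability count (the 0.6-weight sub-score) moves the score to a neutral 5.5 and drops confidence to 2.5, at which point the rating procedure reports `UNCLEAR` rather than a label.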