
# 4.4 False Positives & Negatives

Let's now talk about the concepts of false positives and false negatives, which are critical to understand in the context of smart contract audits or security.

## False Positives

False positives are findings which flag the presence of vulnerabilities, but which in fact are not vulnerabilities. They could arise due to incorrect assumptions or simplifications in analysis which do not correctly consider all the factors required for the actual presence of vulnerabilities.

False positives require further manual analysis of findings to investigate if they are indeed false positives or if they are true positives. A high number of false positives increases the manual effort required in verification and also lowers the confidence in the accuracy of findings from the earlier automated analysis.

On the flip side, true positives might sometimes be incorrectly classified as false positives, which leads to the vulnerabilities behind those findings being ignored and left behind in the code instead of being fixed, and may end up getting exploited later.

## False Negatives

On the other hand, false negatives are missed findings that should have indicated the presence of vulnerabilities, but which are in fact not reported at all. Such false negatives again could be due to incorrect assumptions or inaccuracies in analysis which did not correctly consider the minimum factors required for the actual presence of vulnerabilities.

False negatives, by definition, are not reported or even realized unless a different analysis reveals their presence, or the vulnerabilities are realized when they're exploited. A high number of false negatives lowers the confidence in the effectiveness of the earlier manual or automated analysis. In contrast, true negatives are findings that are analyzed and dismissed, and which are in fact not vulnerabilities.

These concepts of true positives, false positives, true negatives and false negatives come up often in smart contract auditing and in security in general, and therefore this terminology (the distinction between these types) should be well understood.
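As an added illustration (not part of the original page), the Python example below classifies the outcomes of an analysis against ground truth using the four terms above, and separately tracks true positives that manual triage wrongly dismissed as false positives. The `Candidate` record, the sample data, and the `precision`/`recall` metrics are assumptions introduced here; the sample entries are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Candidate:
    ident: str        # constructed label for an issue examined during analysis
    reported: bool    # did the analysis report it as a finding?
    vulnerable: bool  # ground truth, established by later confirmation
    triage: str = ""  # manual verdict on a reported finding: "confirmed" / "dismissed"

def classify(c: Candidate) -> str:
    """Map one examined issue to the page's four categories."""
    if c.reported:
        return "true_positive" if c.vulnerable else "false_positive"
    return "false_negative" if c.vulnerable else "true_negative"

def summarize(candidates):
    counts = {k: 0 for k in ("true_positive", "false_positive",
                             "false_negative", "true_negative")}
    for c in candidates:
        counts[classify(c)] += 1
    # True positives that triage misclassified as false positives.
    wrongly_dismissed = [c.ident for c in candidates
                         if classify(c) == "true_positive" and c.triage == "dismissed"]
    reported = counts["true_positive"] + counts["false_positive"]
    actual = counts["true_positive"] + counts["false_negative"]
    return {
        "counts": counts,
        # Share of reported findings that are real: low when false positives dominate.
        "precision": counts["true_positive"] / reported if reported else None,
        # Share of real vulnerabilities that were reported: low when false negatives dominate.
        "recall": counts["true_positive"] / actual if actual else None,
        "wrongly_dismissed": wrongly_dismissed,
        # Vulnerabilities that stay in the code: missed outright or dismissed in triage.
        "left_in_code": counts["false_negative"] + len(wrongly_dismissed),
    }

# Constructed sample: four reported findings, three issues analyzed but not reported.
SAMPLE = [
    Candidate("F-1", reported=True, vulnerable=True, triage="confirmed"),
    Candidate("F-2", reported=True, vulnerable=True, triage="dismissed"),
    Candidate("F-3", reported=True, vulnerable=False, triage="dismissed"),
    Candidate("F-4", reported=True, vulnerable=False, triage="dismissed"),
    Candidate("C-5", reported=False, vulnerable=True),
    Candidate("C-6", reported=False, vulnerable=False),
    Candidate("C-7", reported=False, vulnerable=False),
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

In the sample, one vulnerability is a false negative and a second is a true positive that triage dismissed, so two vulnerabilities remain in the code even though the analysis reported two real ones.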


