Author: G. Ann Campbell
Word count: 399
Language: English
Hacker News points: None

Summary

With the release of SonarQube 5.6, we introduced the SonarQube Quality Model, which pulls Bugs and Vulnerabilities out into separate categories to give them the prominence they deserve. Now we're tackling the other half of the job: "sane-itizing" rule severities, because not every bug is Critical. We're reclassifying the severity of every single rule specification in the RSpec repository. The new severities are derived from a truth table that weighs impact against likelihood, with separate evaluations for bugs, vulnerabilities, and code smells. The result is that rule severities are transparent and easy to understand: bugs and security vulnerabilities still get the attention they deserve, but "severity inflation" is avoided because a high severity is no longer assigned to every single bug or vulnerability.