Report Template

This template defines a public research report structure for findings that are broader than a single advisory. Reports may summarize a research method, a class of observations, an aggregate dataset, or a sanitized case study.

Required Sections

1. Title And Status — public title, publication state, and canonical URL.
2. Executive Summary — concise technical summary with no unsupported claims.
3. Scope — what was reviewed, what was excluded, and what authority applied.
4. Method — repeatable description of safe, non-disruptive research steps.
5. Findings — evidence-backed observations with impact boundaries.
6. Limitations — known uncertainty, untested conditions, and excluded systems.
7. Defensive Guidance — remediation, detection, hardening, or review actions.
8. Data Handling — statement on evidence reduction and redaction.
9. References — standards, vendor material, advisories, and public context.

Publication Rules

Reports should demonstrate restraint. A strong report does not need to overstate severity or include every private detail. It should give defenders enough information to act while preserving coordination obligations and minimizing sensitive data exposure.

Templates should reduce reviewer discretion by making required fields explicit. They should preserve enough structure for repeatable review while leaving room for case-specific facts.

Review Checklist

• Claims are traceable to evidence.
• Evidence shown publicly is sanitized.
• The report does not imply authorization outside the stated scope.
• Defensive value outweighs disclosure risk.
• Any data tables have schema, provenance, and privacy notes.

Templates should reduce reviewer discretion by making required fields explicit. They should preserve enough structure for repeatable review while leaving room for case-specific facts.