Skip to main content

Advisory Templates

Advisory templates define the minimum structure for controlled publication. They keep advisory records consistent across vendors, researchers, and affected technologies while allowing each case to retain the detail needed for remediation.

The template system is also a safety control. Required fields make it harder to publish a record with missing status, ambiguous scope, unsupported severity, or inadequate remediation guidance.

Required Fields

  • Advisory ID and canonical URL.
  • Status and publication date.
  • Affected product, version, and configuration.
  • Summary and impact.
  • Severity rationale.
  • Remediation or mitigation.
  • Disclosure timeline.
  • Credits and acknowledgements.
  • References.

A template is not a publication approval. The completed advisory must still pass evidence review and release checks.

Advisory Standard

Advisory pages should be written for vendors, researchers, and defenders who need a stable public record. The language should identify what is known, what has changed, and what remains intentionally private without turning the page into a proof-of-concept walkthrough.

Reader Outcome

A complete page in this section should leave the reader with a clear next action, a clear limitation, and a clear route for follow-up. If the section is an index, it should explain what records will appear here, why they may be absent today, and which adjacent policy or template controls future entries. If it is a template, it should explain how to use the structure without treating the sample as a substitute for review.