Reports
Reports are public research artifacts that are broader than a single advisory. They may describe a research method, aggregate observation, sanitized case study, data review, or defensive analysis. The report format is designed for clarity, reproducibility, and public value delivered with restraint.
A report should not rely on vague authority. It should make scope, limitations, assumptions, evidence boundaries, and defensive relevance visible. Strong reports tend to be measured: they identify what was found, what was not tested, and what a defender can do with the information.
Publication Standard
A report should help a technical audience understand risk without creating avoidable operational harm. Evidence should be summarized, redacted, and contextualized before publication.
Report Standard
Report pages should preserve analysis quality while removing raw evidence that belongs in private case files. Public readers should be able to understand scope, method, impact, and remediation state without receiving unnecessary operational detail.
Program Model
The report program page defines how reports differ from advisories. Reports can cover methodology, defensive analysis, aggregate findings, tool behavior, and post-publication review. They need the same publication discipline as advisories, but their purpose is broader than issue-specific remediation.