Skip to main content

Report Methodology

Preparation Steps

  1. Define the research question and target audience.
  2. Document authorization basis and data sources.
  3. Separate raw evidence from publishable evidence.
  4. Normalize product names, versions, dates, and terminology.
  5. Write impact in terms of consequence.
  6. State limitations and unknowns.
  7. Add remediation, mitigation, or defensive interpretation.
  8. Review for sensitive data and exploitability.
  9. Validate links, metadata, and route stability.
  10. Preserve a revision history.

Report Sections

A mature report should include:

  • executive summary;
  • scope and authorization basis;
  • methodology;
  • findings;
  • evidence summary;
  • severity or risk rationale;
  • remediation or mitigation;
  • limitations;
  • coordination timeline where relevant;
  • references;
  • revision history.

Report pages should preserve analysis quality while removing raw evidence that belongs in private case files. Public readers should be able to understand scope, method, impact, and remediation state without receiving unnecessary operational detail.

Quality Bar

A report should let a qualified reader evaluate the claim without trusting the author’s reputation alone. It should also avoid operational detail that is not needed for defense.

A quality bar should be observable. Reviewers should be able to reject, hold, or publish an artifact based on defined criteria rather than personal taste.

Report Standard

Report pages should preserve analysis quality while removing raw evidence that belongs in private case files. Public readers should be able to understand scope, method, impact, and remediation state without receiving unnecessary operational detail.

Methodology pages should explain how findings are gathered, reviewed, and constrained before release. The method is part of the trust surface because it tells readers how much weight to place on a report.