Report Program
The report program defines how broader research outputs differ from advisories. An advisory is issue-specific and tied to remediation. A report can explain a method, analyze a pattern, document a defensive workflow, or summarize a research line. Reports still need review discipline because they can contain sensitive context, overstated conclusions, or unnecessary reproduction detail.
A public report should read as an accountable research artifact. It should identify the question, evidence boundary, method, limitations, findings, and defensive relevance. If the report uses aggregate records, it should link to the schema and explain what the dataset excludes. If it describes a vulnerability pattern, it should avoid unnecessary payload mechanics unless those details are needed for remediation or detection.
Report Families
| Family | Use | Review Focus |
|---|---|---|
| Methodology | Explains how a class of review is conducted | Avoid implying authorization or universal validity |
| Defensive Analysis | Summarizes implications for defenders | Keep advice bounded to evidence and scope |
| Tooling Notes | Documents browser/local tooling behavior | Separate tool output from security verdicts |
| Aggregate Review | Analyzes public records or datasets | State population, exclusion, and bias clearly |
| Post-Publication Review | Explains updates after a public record changes | Preserve revision history and correction rationale |
Publication Criteria
A report is ready for public publication when its evidence boundary is clear, its conclusion is supported by the record, its limitations are stated, and its sensitive details have been reviewed. Reports should not be published just to fill the reports section. An empty state is better than a weak artifact.
Relationship To Advisories
When a report discusses a vulnerability that also has an advisory, the advisory remains the canonical issue record. The report can provide broader context, methodology, or aggregate analysis, but it should not conflict with the advisory timeline, remediation statement, or severity rationale.