Vulnerability Report Template
This template is used when a public report needs more context than an advisory but still describes vulnerability-oriented research.
Required Sections
- Summary — concise technical description and defensive relevance.
- Scope — systems, versions, configurations, and authority boundaries.
- Method — safe research method without exploit-ready automation.
- Findings — evidence-backed observations separated from inference.
- Impact — affected security properties and operational consequences.
- Limitations — known uncertainty, exclusions, and untested conditions.
- Remediation Guidance — practical defensive actions.
- Evidence Handling — what was redacted or omitted and why.
- References — standards, advisories, vendor material, and public context.
Review Checklist
- Claims are supported by reviewed evidence.
- Sensitive details are minimized.
- Scope is clear and not overstated.
- Reproduction detail is proportional to defensive value.
- Remediation guidance is practical.
Report Standard
Report pages should preserve analysis quality while removing raw evidence that belongs in private case files. Public readers should be able to understand scope, method, impact, and remediation state without receiving unnecessary operational detail.
Reader Outcome
A complete page in this section should leave the reader with a clear next action, a clear limitation, and a clear route for follow-up. If the section is an index, it should explain what records will appear here, why they may be absent today, and which adjacent policy or template controls future entries. If it is a template, it should explain how to use the structure without treating the sample as a substitute for review.