Taxonomy & Tag Governance
Rules that keep SECMONS scalable, searchable, and consistent.
SECMONS is a structured intelligence platform. That means taxonomy discipline is a feature, not a detail.
Categories
- Categories are the few stable pillars (Vulnerabilities, Threat Actors, Malware, Attack Techniques, Breaches, Scams, Research, Guides, News, Glossary).
- Do not create new categories casually. New categories must be justified as a long‑term pillar.
Tags (use for atomic concepts only)
Use tags for:
- Techniques/behaviors:
phishing,credential-stuffing,mfa-bypass,rce - Vulnerability characteristics:
use-after-free,sql-injection,auth-bypass - High-signal topics:
zero-day,exploited,poc-available
Avoid tags for:
- Long hierarchical labels (no
Security: Email Protectionstyle) - Duplicating categories
- One-off “headline” tags
Vendors / Platforms / Sectors / Regions (use taxonomies, not tags)
Use:
vendors: Microsoft, Apple, Google, Cisco…platforms: Windows, Linux, Android, iOS, macOS, Cloud…sectors: Healthcare, Finance, Government, Education…regions: Europe, North-America, APAC…
These are first-class taxonomies so we can build filters and aggregation pages.
Slugs and naming
- Keep tags lowercase and hyphenated:
privilege-escalation,credential-theft - Prefer singular nouns:
breach, notbreaches(category handles plurality) - Keep vendor/platform/sector values in Title Case (display-friendly).
Quality bar for tag pages
A tag should exist only if it will be used repeatedly and provides a meaningful collection.
Linking rule (mandatory)
When an item references an entity (actor/malware/vulnerability), add it to the appropriate front matter array:
threat_actors: ["apt29"]malware: ["lockbit"]related_vulnerabilities: ["cve-2026-12345"]