Methodology — SECMONS Intelligence & Publication Standards
This Methodology document defines how SECMONS researches, verifies, structures, updates, and contextualizes cybersecurity intelligence across vulnerabilities, campaigns, threat actors, and operational guidance.
1) Purpose of This Methodology 🧠
SECMONS operates as a structured cybersecurity intelligence platform.
This document defines:
- Research and verification standards
- Content structuring rules
- Exploitation status labeling criteria
- Update and correction workflows
- Risk modeling approach
- Attribution handling boundaries
Methodology exists to ensure consistency, transparency, and defensibility.
2) Intelligence Framework Overview 📊
SECMONS organizes cybersecurity information into structured domains:
- Vulnerabilities → /vulnerabilities/
- Threat Actors → /threat-actors/
- Malware → /malware/
- Attack Techniques → /attack-techniques/
- Breaches → /breaches/
- Research → /research/
- Guides → /guides/
- Glossary → /glossary/
Each section follows defined editorial and verification standards.
3) Vulnerability Record Construction 🔎
Each vulnerability entry includes structured metadata such as:
- CVE identifier
- Description
- Date of first public disclosure
- Last update date
- Patch date (if applicable)
- Vendor and platform tags
- Exploitation status
- CVSS (when available)
- Contextual defensive guidance
We rely on:
- Official vendor advisories
- National vulnerability databases
- Government advisories
- Confirmed exploitation reporting
- Credible research publications
We do not invent technical details.
If information is unavailable, it is not fabricated.
4) Exploitation Status Criteria ⚠️
SECMONS may label vulnerabilities as:
- Exploited in the Wild
- Public Proof of Concept Available
- Under Active Campaign
- Listed in Known Exploited Vulnerabilities (KEV)
Such labels are based on:
- Vendor confirmation
- Government advisories
- Reputable security research
- Correlated public intelligence
Absence of a label does not imply absence of exploitation.
Status may change over time.
5) Timeline Construction 🗓️
Timelines are built using publicly verifiable events:
- Vulnerability disclosure
- Vendor patch release
- Exploitation confirmation
- Inclusion in government catalogs
- Editorial update timestamps
Where dates are unclear, we avoid speculative insertion.
6) Threat Actor & Campaign Correlation 🕵️
Campaign mapping relies on:
- Shared infrastructure indicators
- TTP overlap
- Malware family association
- Public intelligence reporting
- Government attribution statements
Attribution is contextual and may be probabilistic.
We avoid definitive claims without credible sourcing.
7) Risk Modeling Approach 🎯
SECMONS distinguishes between:
- Severity (technical impact)
- Exploitability
- Exposure surface
- Operational risk
- Business impact
CVSS is referenced as a standardized scoring model but does not substitute for contextual risk assessment.
8) Defensive Guidance Standards 🛡️
Mitigation guidance is:
- Generalized
- Defensive in orientation
- Environment-agnostic
- Vendor-aligned where applicable
We do not provide exploit reproduction instructions.
Operational changes must be validated internally by readers.
9) Update & Revision Workflow 🔄
Records may be updated due to:
- Patch availability changes
- Exploitation confirmation
- Vendor advisory revisions
- Correction requests
- Additional credible intelligence
The lastmod field reflects the editorial update date.
Historical states may not be preserved unless explicitly archived.
10) Correction Handling 🧾
Correction requests must include:
- Affected URL
- Specific claim in question
- Supporting evidence
We review requests against primary sources.
Updates may include:
- Clarification
- Correction
- Additional context
- Status change
Publication of a correction does not imply prior negligence.
11) AI & Automation Controls 🤖
SECMONS may use structured tools to assist drafting, formatting, or organizing content.
However:
- Facts are not knowingly fabricated.
- Technical details are not invented.
- Exploitation claims are not assumed.
- Attribution is not created without sourcing.
- Human review precedes publication.
Accuracy remains mandatory.
12) Boundaries of Responsibility 🚫
SECMONS does not:
- Conduct live vulnerability testing
- Accept confidential vulnerability submissions
- Guarantee detection coverage
- Guarantee remediation outcomes
- Provide professional security services
13) Transparency & Traceability 📡
SECMONS emphasizes:
- Clear metadata fields
- Structured tagging
- Internal linking for context
- Source citation
- Update timestamps
Transparency is foundational to credibility.
14) Continuous Improvement 📈
Cybersecurity intelligence evolves.
Methodology may be updated to reflect:
- Changes in disclosure norms
- Advances in threat intelligence practice
- Improved data structuring
- Governance refinement
Changes will be reflected in the lastmod date.