Methodology — SECMONS Intelligence & Publication Standards
This Methodology document defines how SECMONS researches, verifies, structures, updates, and contextualizes cybersecurity intelligence across vulnerabilities, campaigns, threat actors, and operational guidance.
1) Purpose of This Methodology
SECMONS operates as a structured cybersecurity intelligence platform.
This document defines:
- Research and verification standards
- Content structuring rules
- Exploitation status labeling criteria
- Update and correction workflows
- Risk modeling approach
- Attribution handling boundaries
Methodology exists to ensure consistency, transparency, and defensibility.
2) Intelligence Framework Overview
SECMONS organizes cybersecurity information into structured domains:
- Vulnerabilities → /vulnerabilities/
- Threat Actors → /threat-actors/
- Malware → /malware/
- Attack Techniques → /attack-techniques/
- Breaches → /breaches/
- Research → /research/
- Guides → /guides/
- Glossary → /glossary/
Each section follows defined editorial and verification standards.
3) Vulnerability Record Construction
Each vulnerability entry includes structured metadata such as:
- CVE identifier
- Description
- Date of first public disclosure
- Last update date
- Patch date (if applicable)
- Vendor and platform tags
- Exploitation status
- CVSS (when available)
- Contextual defensive guidance
We rely on:
- Official vendor advisories
- National vulnerability databases
- Government advisories
- Confirmed exploitation reporting
- Credible research publications
We do not invent technical details.
If information is unavailable, it is not fabricated.
4) Exploitation Status Criteria
SECMONS may label vulnerabilities as:
- Exploited in the Wild
- Public Proof of Concept Available
- Under Active Campaign
- Listed in Known Exploited Vulnerabilities (KEV)
Such labels are based on:
- Vendor confirmation
- Government advisories
- Reputable security research
- Correlated public intelligence
Absence of a label does not imply absence of exploitation.
Status may change over time.
5) Timeline Construction
Timelines are built using publicly verifiable events:
- Vulnerability disclosure
- Vendor patch release
- Exploitation confirmation
- Inclusion in government catalogs
- Editorial update timestamps
Where dates are unclear, we avoid speculative insertion.
6) Threat Actor & Campaign Correlation
Campaign mapping relies on:
- Shared infrastructure indicators
- TTP overlap
- Malware family association
- Public intelligence reporting
- Government attribution statements
Attribution is contextual and may be probabilistic.
We avoid definitive claims without credible sourcing.
7) Risk Modeling Approach
SECMONS distinguishes between:
- Severity (technical impact)
- Exploitability
- Exposure surface
- Operational risk
- Business impact
CVSS is referenced as a standardized scoring model but does not substitute for contextual risk assessment.
8) Defensive Guidance Standards
Mitigation guidance is:
- Generalized
- Defensive in orientation
- Environment-agnostic
- Vendor-aligned where applicable
We do not provide exploit reproduction instructions.
Operational changes must be validated internally by readers.
9) Update & Revision Workflow
Records may be updated due to:
- Patch availability changes
- Exploitation confirmation
- Vendor advisory revisions
- Correction requests
- Additional credible intelligence
The lastmod field reflects the editorial update date.
Historical states may not be preserved unless explicitly archived.
10) Correction Handling
Correction requests must include:
- Affected URL
- Specific claim in question
- Supporting evidence
We review requests against primary sources.
Updates may include:
- Clarification
- Correction
- Additional context
- Status change
Publication of a correction does not imply prior negligence.
11) AI & Automation Controls
SECMONS may use structured tools to assist drafting, formatting, or organizing content.
However:
- Facts are not knowingly fabricated.
- Technical details are not invented.
- Exploitation claims are not assumed.
- Attribution is not created without sourcing.
- Human review precedes publication.
Accuracy remains mandatory.
12) Boundaries of Responsibility
SECMONS does not:
- Conduct live vulnerability testing
- Accept confidential vulnerability submissions
- Guarantee detection coverage
- Guarantee remediation outcomes
- Provide professional security services
13) Transparency & Traceability
SECMONS emphasizes:
- Clear metadata fields
- Structured tagging
- Internal linking for context
- Source citation
- Update timestamps
Transparency is foundational to credibility.
14) Continuous Improvement
Cybersecurity intelligence evolves.
Methodology may be updated to reflect:
- Changes in disclosure norms
- Advances in threat intelligence practice
- Improved data structuring
- Governance refinement
Changes will be reflected in the lastmod date.