Skip to main content

Report Template

Required Sections

  1. Executive summary.
  2. Scope and authorization basis.
  3. Methodology.
  4. Findings summary.
  5. Evidence summary.
  6. Risk and impact.
  7. Remediation status.
  8. Limitations.
  9. References and appendices.

Publication Note

The public version should be written as a sanitized artifact. It should explain what was found and why it matters without increasing operational risk.

Review Requirements

A public report should separate public conclusions from private evidence. The final draft should state scope, authorization basis, evidence source class, limitations, and redaction status. Raw logs, screenshots, traces, customer data, and exploit construction details are not public report material by default.