Our Commitment to Data Quality
The integrity of our research depends on rigorous data standards. We maintain strict protocols for data collection, verification, and storage to ensure our findings are accurate, reproducible, and defensible.
Core Data Principles
- Accuracy: All data points are verified through multiple sources where possible
- Completeness: We document what we know and what remains unknown
- Timeliness: Timestamps and version control track when data was collected
- Provenance: Every data point has a documented source and collection method
- Security: Data is encrypted at rest and in transit
Data Collection Standards
Passive Collection Only
All data is collected through passive means using publicly available sources. We never attempt to access systems beyond what is publicly exposed, and we do not use credentials, exploits, or social engineering.
Source Documentation
Every piece of data includes metadata documenting its source, collection timestamp, collection method, and any transformations applied. This enables full reproducibility of our research.
Verification Requirements
Critical findings require verification through at least two independent methods or sources before publication. We clearly distinguish between verified facts and analytical assessments.
Data Storage & Security
- Encryption: All research data is encrypted using AES-256 at rest
- Access Control: Data access is limited to authorized researchers on a need-to-know basis
- Backup: Regular encrypted backups are maintained in geographically distributed locations
- Retention: Data retention follows our Data Retention Policy
- Deletion: Secure deletion protocols ensure data is unrecoverable when removed
Data Formats
We use standardized, open formats for data storage and exchange:
- Structured Data: JSON with documented schemas
- Documents: Markdown for reports, PDF for archival
- Evidence: Original format with cryptographic hashes for integrity verification
- Metadata: Dublin Core standard with extensions for OSINT-specific attributes
Quality Assurance
Our quality assurance process includes:
- Automated validation checks on all incoming data
- Peer review of research findings before publication
- Regular audits of data collection processes
- Version control for all datasets with change tracking
- Clear documentation of data limitations and uncertainties
Interoperability
Where appropriate, we align our data formats with established standards in the security research community, including STIX/TAXII for threat intelligence sharing and common vulnerability enumeration formats. This enables collaboration with other researchers and organizations.