Skip to main content

Source Rating

The repository uses a six-level source reliability scale adapted from the NATO Admiralty Code (STANAG 2511). The full scale is defined in the Scoring Models page; this page provides quick-reference examples for the most common levels.

RatingMeaningExamples
AHighly reliable — strong methodology or direct primary evidenceGovernment advisories (CISA, INCD, FBI), MITRE ATT&CK, primary vendor CTI reports (Mandiant, Check Point Research, SentinelLabs, ESET, Unit 42)
BGenerally reliable — strong secondary synthesis or well-evidenced vendor summarySecurity news citing primary sources, secondary vendor summaries, authored CTI synthesis (including this repository's own Medium articles)
CMixed reliability — limited detail, weak methodology, or partial corroborationBlog summaries, conference slides without technical appendix, aggregator posts
DUnknown reliability — unverified public claim or source quality not assessedSingle-source vendor claims not independently corroborated
EKnown issues — weak sourcing, track record of inaccuracy, or significant methodology gapsDo not use for decisions without independent evidence
FUnreliable or deceptive — known false or adversarially manipulatedExclude from decisions entirely

Information credibility is tracked separately using a 1–6 scale (1 = Confirmed, 6 = Cannot be judged) defined in Scoring Models. Do not collapse source reliability and information credibility into a single rating.

Required Practice

  • Public claims by hacktivist personas MUST be corroborated before being treated as confirmed compromise.
  • Vendor actor names SHOULD be mapped carefully because naming taxonomies differ.
  • Source publication date MUST be considered when using IOCs.