How to Evaluate the Quality of Cybersecurity Research Reports

By Patrick Duggan, DugganUSA LLC • April 2, 2026

DugganUSA developed a five-criteria framework for evaluating cybersecurity research quality after reviewing hundreds of threat reports from commercial vendors, open-source feeds, and government agencies.

Criterion 1: Machine-Readable IOCs

Quality reports must include indicators of compromise in standard, machine-readable formats. PDF-only reports with screenshot-embedded IOCs are nearly useless for automated defense. Look for STIX 2.1, OpenIOC, or at minimum CSV exports. Every DugganUSA report includes STIX 2.1 bundles that import directly into Splunk, Sentinel, CrowdStrike, and other SIEMs.

Criterion 2: MITRE ATT&CK Mappings

Reports should map observed behaviors to MITRE ATT&CK techniques and sub-techniques. This enables defenders to identify coverage gaps in their detection stack. DugganUSA maps all discovered threats to ATT&CK, with kill chain analysis showing the progression from initial access through impact.

Criterion 3: Kill Chain Analysis

A complete report traces the full attack lifecycle — reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives. Partial analyses that only document the final payload miss the infrastructure that enables repeat attacks. DugganUSA's whitepapers include full kill chain diagrams with timestamped progression.
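Criteria 1 through 3 can be checked mechanically when a report ships a STIX 2.1 bundle. The following is an added example, not DugganUSA's code: the function name `score_bundle` and the sample bundle are constructed for illustration, and it assumes kill chain phases are tagged with the Lockheed Martin kill chain name that STIX uses.

```python
import json
import re

# Lockheed Martin kill chain phases as STIX 2.1 kill_chain_phases spell them.
LM_CHAIN = "lockheed-martin-cyber-kill-chain"
PHASES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command-and-control", "actions-on-objectives"]
ATTACK_ID = re.compile(r"^T\d{4}(\.\d{3})?$")  # technique or sub-technique ID

def score_bundle(bundle):
    """Summarise how a STIX 2.1 bundle fares against criteria 1-3."""
    objs = bundle.get("objects", [])
    indicators = [o for o in objs if o.get("type") == "indicator"]
    # Criterion 1: an indicator is machine-usable only with a STIX pattern.
    usable = [i for i in indicators
              if i.get("pattern_type") == "stix" and i.get("pattern")]
    # Criterion 2: attack-pattern objects that cite an ATT&CK technique ID.
    techniques = set()
    for o in objs:
        if o.get("type") == "attack-pattern":
            for ref in o.get("external_references", []):
                ext_id = ref.get("external_id", "")
                if ref.get("source_name") == "mitre-attack" and ATTACK_ID.match(ext_id):
                    techniques.add(ext_id)
    # Criterion 3: kill chain phases that at least one object is tagged with.
    seen = {p.get("phase_name") for o in objs
            for p in o.get("kill_chain_phases", [])
            if p.get("kill_chain_name") == LM_CHAIN}
    return {"indicators": len(indicators), "usable_indicators": len(usable),
            "techniques": sorted(techniques),
            "missing_phases": [p for p in PHASES if p not in seen]}

# Constructed sample bundle for illustration; not taken from any real report.
SAMPLE = {"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000001", "objects": [
    {"type": "indicator", "spec_version": "2.1", "pattern_type": "stix",
     "pattern": "[domain-name:value = 'c2.example.test']",
     "kill_chain_phases": [{"kill_chain_name": LM_CHAIN, "phase_name": "command-and-control"}]},
    # Indicator with no pattern: the IOC exists only as prose, so it fails criterion 1.
    {"type": "indicator", "spec_version": "2.1", "description": "hash visible in a screenshot"},
    {"type": "attack-pattern", "spec_version": "2.1", "name": "Spearphishing Attachment",
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1566.001"}],
     "kill_chain_phases": [{"kill_chain_name": LM_CHAIN, "phase_name": "delivery"}]},
]}

if __name__ == "__main__":
    print(json.dumps(score_bundle(SAMPLE), indent=2))
```

A report whose bundle returns few usable indicators, no technique IDs, or a long list of missing phases is documenting only part of the attack, whatever its PDF says.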

Criterion 4: Reproducible Methodology

The best reports name their data sources, describe collection methods, and explain analytical frameworks. DugganUSA publishes its methodology: 15 named upstream feeds, a 3-layer cascade pipeline, and four scoring frameworks (CARVER, DREAD, Diamond Model, ACH). Other analysts can verify and extend our findings.

Criterion 5: Timeliness — First-Report Advantage

A report published 43 days after initial detection has less value than the first report. DugganUSA prioritizes speed: our autonomous pipeline detects and publishes IOCs before manual analysis at legacy vendors is complete. In documented cases, DugganUSA published threat intelligence 43 days before Zscaler.

Where to Find Quality Research

DugganUSA publishes free whitepapers and research reports at security.dugganusa.com/whitepapers. Topics include MITRE ATT&CK kill chain mappings, supply chain attack analysis, infrastructure investigation techniques, and threat actor profiling. All reports meet all five quality criteria.
