# Vuln Signal Content Governance Map Use this map before adding pages, categories, or large content batches. The goal is to keep the site useful for defenders without letting every good idea become a new top-level destination. ## Current Shape - Core: orientation, proof boundaries, operating routines, decision language, handoffs, evidence, and program governance. - Intel: daily vulnerability pressure, KEV, patch pressure, exposure operations, silent patches, zero-day lanes, and source-driven response. - Threats: threat map, campaign context, actor-style pivots, ransomware, exploit chains, and defensive interpretation of threat pressure. - Research: analytics, vendor/product history, patch-cycle patterns, methodology, longer-form interpretation, example libraries, and product-planning references. - Training: quizzes, drills, myth checks, scenarios, control matching, mini-game packs, local progress, training reports, Android-facing practice previews, and onboarding practice. - Tools: local utilities, lookups, calculators, converters, detection helpers, and analyst workbench helpers. - Status: live-data state, trust review, diagnostics, privacy, responsible use, release quality, and operational transparency. ## Add Or Consolidate Add a new page only when it creates one of these outputs: - A decision users cannot make from an existing page. - A repeatable workflow with a different owner, cadence, or evidence packet. - A tool or drill that needs its own input/output surface. - A public trust or release-readiness explanation that should be directly linkable. Consolidate into an existing page when: - The idea mostly adds examples to an existing workflow. - The audience and action lane are the same as an existing page. - The new content would repeat proof-boundary, EPSS, KEV, CVSS, or vendor-validation caveats. - The value is a better card, filter, copy block, or section inside a current page. ## Category Rules - Put first-use orientation in Core only when it helps users choose a path. Avoid adding more Core explainers unless no existing page can carry the idea. - Put current signal interpretation in Intel when the user is deciding what to do this week or today. - Put adversary, campaign, ransomware, and exploit-chain context in Threats when the page helps interpret hostile pressure without implying local compromise. - Put slower analysis in Research when the page compares sources, vendors, products, timing, patterns, or methodology. - Put product-planning material in Research when the page compares cybersecurity product ideas, MVP scopes, platform combinations, architecture choices, or portfolio tradeoffs. - Put games, quizzes, exercises, and onboarding practice in Training, even when the subject matter is CVSS, KEV, EPSS, tools, or handoffs. - Put app-facing practice state, local-only scenario outcomes, progress summaries, and practice reports in Training/Games. These surfaces must explain that they do not scan, test, or touch real systems. - Put calculators, parsers, converters, normalizers, and generators in Tools when the primary interaction is input to output. - Put health, trust, privacy, diagnostics, limitations, and release-readiness material in Status when the page explains how the site behaves or should be trusted. ## Current Examples Use these as precedent when deciding where a new idea belongs: - Core: Start Here, Workflows, Site Map, Decision Matrix, Evidence Checklist, Handoff Center, and Quality Center. These are first-use, routing, decision, handoff, or governance surfaces. - Intel: CVEs, Advisories, KEV, Patch Watch, Zero-Days, Silent Patches, Urgent, and Exposure Operations. These help users decide what needs action from current vulnerability signal. - Threats: Threat Map, Ransomware Watch, Exploit Chain Watch, Actors, Detection Starter Pack, and Detection Readiness. These interpret hostile pressure and defensive response needs without proving local compromise. - Research: Evidence Library, Priority Model, Affected Range Examples, Exploit Maturity Explainer, Security Product Lab, Product Lab Roadmap, CyberShield Dashboard, CyberShield Demo Scanner, CyberShield Report Preview, CyberShield Blueprint, CyberShield MVP Checklist, Product Demo Data Pack, PhishGuard Blueprint, APIShield Blueprint, ComplianceTrack Blueprint, Product Idea Matrix, Product Chooser, Platform Blueprints, Vendor Advisory Reading Guide, NVD vs Vendor Advisory Differences, Remediation Evidence Quality, Vendor Analytics, Product Analytics, Patch Tuesday Operating Routine, and Source Analytics. These compare sources, vendors, proof quality, product ideas, build scopes, safe prototypes, demo data, report outputs, patterns, or methodology. - Training: Learn Hub, Games And Quizzes, Games Hub, App Home Preview, Training Coach, Practice Packs, Mini-Game Player, Game Progress, Training Report, Daily Challenge, Mini-Game Scenario Library, Mini-Game Arcade, Scanner Finding Validation Drill, Vendor Advisory Quiz, CVSS Scoring Drill, Evidence Packet Drill, Remediation Closure Drill, and Leadership Briefing Drill. These are practice surfaces even when they teach Core, Intel, Research, Tool, or communication topics. - Tools: Tools Hub, Tool Chains, Search, Workspace, Compare, Brief Builder, IOC Extractor, IOC Normalizer, CVSS Calculator, Exposure Checker, Sigma Helper, YARA Helper, and formatters. These are input/output, local-workbench, or utility-chain surfaces. - Status: Status, Diagnostics, Trust Review, Privacy And Data Use, Responsible Use, Known Limitations, Data Freshness, and release QA docs. These explain health, trust, privacy, limits, and review posture. ## Core Page Guardrail Before adding a Core page, try these destinations first: - If the idea is a practice scenario, make it Training. Example: scanner validation became `scanner-finding-validation-drill.html` instead of another Core scanner explainer. - If the idea compares evidence quality, sources, vendors, or methodology, make it Research. Example: remediation proof grading became `remediation-evidence-quality.html`. - If the idea compares product ideas, MVP boundaries, architecture, SaaS strategy, build checklists, safe demos, demo data, report outputs, or portfolio tradeoffs, make it Research. Example: product ideas became `product-lab.html`, `product-lab-roadmap.html`, `cybershield-dashboard.html`, `cybershield-demo-scanner.html`, `cybershield-report-preview.html`, `product-lab-cybershield.html`, `cybershield-mvp-checklist.html`, `product-demo-data-pack.html`, `product-lab-phishguard.html`, `product-lab-apishield.html`, `product-lab-compliancetrack.html`, `product-chooser.html`, `product-idea-matrix.html`, and `platform-blueprints.html` instead of new top-level categories. - If the idea helps interpret current queues, active patch pressure, KEV, zero-days, or no-patch response timing, make it Intel. - If the idea is an input/output helper, make it Tools or add it to an existing tool surface. - If the idea is a tool follow-up, warning, or output interpretation rule, update `js/tool-guidance.js` and `docs/tool-workflow-chains.md` before creating another page. - If the idea explains trust, privacy, data health, release checks, limitations, or maintenance posture, make it Status. - If the idea mostly adds examples, add a section or next-action link to an existing page before creating a standalone route. - Workflows is the routing exception for this reconstruction phase: it should absorb "where do I go next?" pressure so new content does not need more top-level categories. - Home should stay a short landing menu. Add broad routing links to Workflows, not back into the Home dropdown. - When a section feels crowded, add or improve a lobby page before adding dropdown links. Current lobby pages include Visual Route Map, Games And Quizzes, Tool Chains, Report Gallery, and Report Builder Path. - Top navigation should stay on the seven-door model: Home, Workflows, Intel, Tools, Learn, Games, and Status. Dropdowns should stay grouped by intent, not become flat inventories. Add deep or duplicated routes to Workflows, Search, Site Map, Tools Hub, Games Hub, or page guidance instead of turning a dropdown into a full inventory. - Keep workflow lane definitions in `js/workflow-taxonomy.js` so Workflows, Page Guide, Site Map, and future route helpers do not drift into competing lane maps. - Search, Runbook Index, Role Paths, What's New, and other discovery pages should consume or reference the shared workflow taxonomy instead of inventing separate lane labels. - Use `docs/discovery-reconstruction.md` before changing the discovery switchboard pages or their first-screen pivots. - Use `docs/tool-workflow-chains.md` before changing shared tool workflow chains, result-quality warnings, or tool-to-tool pivots. - When adding or removing workflow-lane files, run `scripts/audit-content-quality.ps1` and check the Workflow taxonomy section for missing routes. ## Batch Rules - Pick one batch theme: content clarity, category balance, tools, training, release readiness, visual QA, trust wording, or performance. - Run `scripts/audit-content-quality.ps1` before broad content work and after route metadata changes. - Prefer adding examples or drills to Training, Research, Intel, or Tools before adding more Core pages. - Update Site Map, Quality Center, route manifest, route metadata, search index, release notes, and backlog when a new page or category appears. - Update Home, Start Here, Visual Route Map, Workflows, Site Map, and What's New when a new page should be found by problem, owner, output, or workflow instead of only by top navigation. - Add crosslinks from older related pages when a new page fills a follow-up step. Example: scanner validation and evidence quality are linked from false-positive, affected-version, remediation-evidence, and not-affected pages. - For tool batches, update shared workflow-chain and quality-warning guidance rather than adding one-off tool-page copy. - Regenerate generated artifacts with `scripts/production-build.ps1 -BaseUrl https://main-9et.pages.dev` before final review. ## Review Questions - What output does this content help the user produce? - Which owner or audience is it for? - Does an existing page already serve the same owner and output? - Is this better as a new page, a new section, an example pack, a drill, or a tool helper? - Which proof boundary could the user overstate after reading it? - Does the page need copy-ready language, validation steps, or a related-tool pivot? - Does the page add balance to Training, Research, Intel, Threats, Tools, or Status, or does it make Core heavier?