Sources Policy

How TechDefused chooses sources, attributes them, and handles the harder cases — unnamed sources, embargoed material, coordinated security disclosure, and information that is sensitive enough that publishing it on the wrong day causes real harm.

Last updated 13 May 2026

Why This Page Exists

A technology publication is only as trustworthy as its sources. Get the sourcing right and most of the editorial work is already done; get it wrong and no amount of careful writing can rescue a story.

This page documents how TechDefused chooses sources, how we attribute them, what we will and will not do with unnamed sources, and — most importantly — how we handle the cases where the question is not whether to publish but when. Security disclosures, embargoed launches, and pre-public material non-public information all fall into that category, and TechDefused holds a strict line on each.

Source Selection

TechDefused builds coverage from primary, verifiable source material wherever it exists. The hierarchy is deliberate.

Primary Sources (Preferred)

  • Vendor releases, official blog posts, and press kits from named companies
  • S-1, 10-K, 10-Q, 8-K, and other regulatory filings
  • Security advisories and CVE database entries from the issuing party (vendor PSIRTs, MITRE, NVD, CERT/CC, project security teams)
  • GitHub releases, changelogs, and official release notes
  • Model cards and benchmark publications
  • Official conference programmes and keynote recordings
  • On-record interviews with named principals
  • Federal Register, EU Official Journal, FCA, SEC, FTC, and CMA filings and announcements

Secondary Sources (Used with Attribution and Caution)

  • Analyst-house reports from Gartner, Forrester, IDC, and equity research desks
  • Vendor PR and prepared spokesperson statements
  • Trade press and other news organisations' reporting
  • Industry surveys, league tables, and benchmarking studies
  • Patent filings — useful as signal, but interpretation requires care
  • Earnings transcripts — useful for quoted claims, but claim-vs-fact distinctions matter

Secondary sources are useful for context, reaction, and direction of travel. They are not themselves the ground truth, and we attribute them as what they are. The two-pass QC architecture that grounds claims back to source material is documented on the verification and fact-checking page.

Source Quality Maintenance

We regularly evaluate source quality and remove sources that fail to maintain standards. Where multiple outlets cover the same development, the organisation that broke the news first is credited.

Attribution Standards

Every piece of TechDefused content clearly attributes:

  • Original reporting to its source publication
  • Direct quotes to their speaker, with the speaker's role and affiliation
  • Data and statistics to the publishing organisation or feed
  • Breaking news to the first publisher
  • Exclusive information to the organisation that obtained it
  • Analyst views to the named analyst-house and individual analyst where stated
  • Vendor claims to the underlying release, filing, advisory, or model card
  • Security findings to the researcher or team that disclosed them, and to the coordinating body where applicable

Attribution Format

Standard forms TechDefused uses:

  • "According to [Source Publication]…"
  • "As reported by [Source Publication]…"
  • "[Vendor] said in a release that…"
  • "[Researcher / Team] disclosed in [Advisory] that…"
  • "[Analyst], [Firm], wrote in a note that…"
  • Direct link to the source in the article body or metadata

Where TechDefused cites a competitor's reporting, the competitor is credited and linked.

Named Sources

Our default is named sourcing. Coverage drawn from a named vendor executive, a named researcher, a named analyst, or a named regulator carries that attribution. Quotations are reproduced exactly with clear attribution to the speaker. Composite or invented quotes are prohibited.

Where a named source is being cited from a public document — a filing, a transcript, an advisory, a release — the source document is cited alongside the speaker.

Unnamed Sources

TechDefused uses unnamed sources sparingly and on specific terms. The bar is high precisely because unnamed sourcing is the easiest place for opinion, agenda, and laundered messaging to enter a story.

When We Will Use Them

  • When the information is materially in the public interest and cannot reasonably be obtained on the record
  • When the source has direct, verifiable knowledge of the matter rather than second-hand impressions or rumour
  • When the source's reason for anonymity is legitimate — typically professional or personal risk, not commercial preference or convenience
  • When at least one corroborating source — named or unnamed — supports the substance, or there is independent documentary backup

How We Use Them

  • The reason for anonymity is described to the reader, in terms that don't compromise the source
  • The source's relationship to the subject is characterised accurately ("a person with direct knowledge of the disclosure timeline", "a former engineer on the team", not "a source close to the company" where more specific framing would be honest)
  • Coverage clearly distinguishes what the unnamed source said from what is on the record from documents or named individuals
  • Editorial leadership signs off on the use of unnamed sourcing before publication

What We Will Not Do

  • Publish single-source unnamed claims that materially affect a vendor's reputation, that materially affect the framing of a security incident, or that materially affect personnel under criminal or regulatory investigation — except where independent documentary evidence is also available
  • Use anonymity to launder vendor PR, IR-supplied framing, analyst-house commercial positioning, or rivals' attacks on a coverage subject
  • Quote unnamed sources as a way to import opinion into ostensibly straight news coverage
  • Treat anonymous chatter on community forums, leak sites, or encrypted-channel screenshots as standalone sourcing

Responsible Disclosure and Security-Sensitive Information

TechDefused will not publish security-vulnerability or pre-disclosure information before the vendor's or researcher's stated coordinated disclosure window closes. This is the strictest position on this page and the one we hold most firmly. The reasoning is direct: premature disclosure of a vulnerability gives attackers an operational advantage over defenders, and a publication's traffic interests do not justify that trade.

The principle aligns with how the security industry itself operates — coordinated disclosure between researchers, vendors, and coordinating bodies (CERT/CC, JPCERT, national CERTs, project security teams) is the norm, and TechDefused respects it.

What This Covers in Practice

  • CVE-class security disclosures. TechDefused holds coverage of a specific vulnerability until the coordinated disclosure date the researcher and vendor have agreed. Where a CVE is reserved but not yet disclosed, that status is respected.
  • Embargoed analyst reports and vendor announcements. Embargoes are respected on their stated terms. Coverage is published at the embargo's lift, not before. No agreement to embargo terms is entered into without editorial approval.
  • Material non-public information. Where TechDefused comes into contact with material non-public information about a listed technology issuer — pre-disclosure financial figures, unannounced M&A, undisclosed regulatory actions — coverage is held until that information is public. The editorial response is to seek comment from the issuer rather than to publish in advance.
  • Pre-IPO and S-1 amendments. Where filings exist in draft, under confidential review, or not yet on the public docket, TechDefused waits for the public filing rather than reporting from leaked or supplied drafts.
  • Active incidents. Where a security incident is live and the vendor is actively patching or coordinating with defenders, TechDefused does not publish operational detail (working exploit code, undisclosed indicators of compromise, attack techniques not yet in the public record) that would aid an attacker. High-level coverage of the incident is acceptable where the existence of the incident is already public.
  • Researcher requests for hold. Where a researcher asks TechDefused to hold publication pending coordination with the affected vendor, we honour that request when the disclosure date is set and the timeline is reasonable.

The Narrow Exception Envelope

There are circumstances where holding a story does more harm than publishing it. TechDefused recognises a narrow exception envelope, and crossing it requires editor-level sign-off. We will consider publishing inside an embargo or disclosure window only when at least one of the following is true, and even then only with explicit editor-level approval:

  • The information is already widely circulating in the public record, such that further silence from TechDefused does not protect anyone but does deprive readers of available facts
  • Active harm is occurring — exploitation in the wild, ongoing data loss, user-affecting outage — and silence is enabling the harm to continue
  • The disclosure window is unreasonably extended without justification, and the public-interest cost of continued delay outweighs the cost of disclosure

The default is to hold. The exception is the exception, not the working assumption. Where TechDefused does decide to publish inside a disclosure window, the editorial reasoning is documented internally and disclosed in the published coverage.

What This Is Not

Responsible disclosure is not a veto for vendors. Where a vendor uses "coordinated disclosure" framing to indefinitely defer disclosure of a vulnerability that is materially affecting users, the disclosure window has become unreasonable and the third exception above is available. The principle protects defenders and users; it does not protect vendors from accountability.

Editorial Team Restrictions Around Sensitive Information

Editorial team members are prohibited from trading on the basis of unpublished editorial work, from trading in advance of published coverage, and from trading in single-name listed technology equities they are actively covering. The full personal-holdings disclosure regime — covering equity, tokens, options, advisory work, free hardware, and cooling-off periods — lives on the ethics page.

Where editorial team members come into contact with material non-public information through the course of reporting, that information is not used personally and not shared outside the editorial process needed to handle the story.

Vendor PR, Analyst-House Material, and Sponsored Research

Vendor-supplied material — investor relations factsheets, briefing decks, pre-arranged briefings, exec interview transcripts, paid analyst-house notes, and vendor-commissioned benchmarks — is treated as one structured input among several. It can inform coverage but does not control it.

When TechDefused cites this material, we attribute it accurately to its source: a vendor briefing, a paid analyst-house note, a vendor-commissioned benchmark, a sponsored whitepaper, an influencer briefing. Sponsored research from a research house paid by the issuer or vendor it covers carries different evidentiary weight than independent coverage, and we note the distinction where it matters.

Vendor-supplied benchmarks are reported as vendor-supplied and distinguished from independent evaluations. Independent benchmark publications carry more weight than vendor-run comparisons of their own products against competitors.

Anonymous Tip Lines

TechDefused accepts confidential tips at tips@newsdefused.com. Tips are reviewed editorially. Publication of tip-line material requires the same standards as any other unnamed sourcing: direct knowledge of the matter, legitimate reason for anonymity, corroboration, and editorial sign-off.

Security researchers with vulnerability findings are welcome to coordinate with TechDefused on disclosure timing, but the established vendor-coordination channel — vendor PSIRT, CERT/CC, project security team — is the right first stop. Our role is reporting, not coordination.

Source Confidentiality

Sources who provide information on confidential terms are protected. TechDefused does not disclose the identity of confidential sources to third parties — including coverage subjects, regulators, and law enforcement — outside legal compulsion that exhausts available challenges.

The same protection extends to security researchers who share pre-disclosure information on coordination terms. Coordination relationships do not survive being burned, and TechDefused does not burn them.

Contact

Editorial inquiries about sourcing: editorial@newsdefused.com.

Confidential tips: tips@newsdefused.com.

Corrections or concerns about sourcing in published coverage: corrections@newsdefused.com.

This sources policy is part of TechDefused's broader editorial standards framework. See also: Trust, Editorial Standards, Verification and Fact-Checking, Ethics, and Corrections.