malpedia / feedback

Public Issue tracker to gather feedback for and allow discussions around Malpedia

Different kinds of sources have wildly different kinds of information in them.

davidcbenson opened this issue · comments

I'm a national security researcher, not a computer security researcher or professional, and I've noted that there are some large differences in the types of information presented by sources. Perhaps it would be valuable to either: 1) have filterable tags for source types, or 2) have different tabs that separate out the different sources. I would prefer the former, but the latter would be fine.

In general, I see the types of sources as including:

  • Threat reports: The technological descriptions, including threat indicators in code, TTPs, etc. These are the reports security people need to diagnose whether they are under attack or vulnerable. Often these reports come out shortly after a vulnerability is discovered.
  • News reports: Accounts of "what happened", sometimes from non-technical outlets like newspapers.
  • Technical Analysis: Explanation of the technology of attacks or APTs in detail, from a technical perspective.
  • "Real World" Analysis: Explaining what the attack did in the "real world" (e.g. politically, socially, business practices, money cost).

Has anyone else noticed differences across sources? Do these typologies capture the spectrum of source types? What would work better?