Information-rights posture has two axes — how open the government is (Right to Information) and how protected the citizen is (Data Protection). Joining the two new Voidly datasets on country (a rare exact key), this maps the two-by-two space and the real tension where privacy law is used to deny access and openness without protection exposes individuals.
There is no single US cyber-breach registry. One incident can surface in three unconnected federal places — CISA’s KEV catalog (the exploited vulnerability), an SEC 8-K Item 1.05 filing (the material event), and the HHS OCR breach portal (health data) — each with a different trigger, threshold, and clock. A guide to joining them by victim organization and date.
The full catalog of known software vulnerabilities runs into the hundreds of thousands — far too many to patch all at once. CISA’s Known Exploited Vulnerabilities catalog cuts that universe down to the ~1,600 CVEs confirmed to be exploited in the wild, and Binding Operational Directive 22-01 turns the list into an enforceable federal patching mandate. This guide reads it as the highest-signal vulnerability prioritization feed the government publishes.
The Federal Trade Commission announces nearly everything it does — every settlement, every merger challenge, every new rule — through a press release, and those releases together form a searchable public log of US consumer-protection and antitrust enforcement. This guide reads the FTC’s ~10,700-record press and enforcement archive as a dataset: the Section 5 frame, the consumer-protection and competition missions, landmark privacy penalties, the shifting priorities of junk fees and noncompetes and big-tech antitrust, and a Python workflow that tallies releases by year and topic.
HHS-OCR publishes every reported healthcare data breach affecting 500+ patients — the "Wall of Shame." Over 5,000 entries covering ransomware attacks, stolen laptops, unauthorized employee access, and business associate failures. Here is what the database contains and what it reveals about healthcare security failures.
The NIST National Vulnerability Database is the federal record that turns CVE identifiers into structured, comparable data — roughly 459,000 catalogued software vulnerabilities, each carrying a CVE ID, CVSS severity score, CWE weakness type, affected products, and references. It is the layer that makes the world catalogue of known vulnerabilities something you can query, rank, and prioritize.
The CISA Known Exploited Vulnerabilities catalog lists CVEs confirmed as actively exploited in the wild — with mandatory federal patching deadlines under BOD 22-01. Here is the catalog structure, how CISA decides what gets listed, how it differs from CVSS severity scoring, and how security teams use it as a minimal-patch prioritization framework.
How the Swarm SDK rotates cryptographic material without grounding the fleet — scheduled signed pre-key rotation on a 7-day timer, OTP replenishment when bundle drops below 20 keys, emergency revocation via gossip-flooded KeyRevocationAnnouncement, BKPSRAM zeroization with 0xFF pattern verification, and staggered rotation coordination across the mesh.
How the Swarm SDK protects drone mesh communications against traffic analysis — six fixed message size bins, ±15% transmission timing jitter, store-and-forward ring buffer for burst smoothing, degraded-channel operational mode, and RF fingerprint resistance on STM32H7.
How Voidly protects probe operators in jurisdictions that criminalize censorship measurement: strict data minimization (no name, address, or IP logging), WireGuard peer-key authentication, daily probe ID pseudonymization, optional Tor hidden service upload, measurement scrubbing, country-tier legal risk assessments, and a one-tap emergency stop with full data erasure.
How Voidly delivers measurement configuration to probes without a persistent control channel: gzip+CBOR bundles signed with Ed25519 (signature verified before decompression to prevent zip-bomb attacks), a pull-based auto-update scheduler with 6-hour intervals and exponential backoff, version pinning and two-snapshot rollback, and anonymous country tokens derived via BLAKE3 from ISO code + epoch-week salt so the CDN cannot correlate which overlay a probe applies.