OAK Backlog — auto-generated

Generated by tools/build_backlog.py on 2026-05-15. Regenerated on every npm run site:data.

Scope: 573 worked examples, 136 Techniques, 18 Threat Actors.

This file is a prioritized contributor backlog. P0 items close hard structural gaps (empty Tactics, placeholder actor cards). P1 items lift per-Tactic coverage below the documented minimum. P2 items anchor candidate sub-Techniques from TAXONOMY-GAPS.md.

Before researching a candidate incident, run python3 tools/check_known.py "<description>" to avoid duplicating an existing entry.

P0 — empty Tactics × active years

Each (Tactic, year) cell below has zero documented incidents despite the Tactic being active in that year. Closing these is the highest leverage for matrix completeness.

  • T12 × 2026 (NFT-Specific) — 0 / target ≥1

P0 — actor profiles without attributed incidents

  • OAK-G06 (evil corp) — actor card exists, 0 worked examples attribute this actor
  • OAK-G07 (apt43 kimsuky) — actor card exists, 0 worked examples attribute this actor
  • OAK-G09 (andariel) — actor card exists, 0 worked examples attribute this actor
  • OAK-G11 (black basta) — actor card exists, 0 worked examples attribute this actor
  • OAK-G13 (iranian crypto operators) — actor card exists, 0 worked examples attribute this actor
  • OAK-G16 (akira) — actor card exists, 0 worked examples attribute this actor
  • OAK-G17 (blackbyte) — actor card exists, 0 worked examples attribute this actor
  • OAK-G18 (karakurt) — actor card exists, 0 worked examples attribute this actor

P0 — sub-Techniques without canonical anchor

  • all sub-Techniques have at least one referencing example

P1 — Tactics under per-year minimum coverage

Tactics where the documented incident count for an active year falls below the target threshold (see COVERAGE-TARGETS.md).

  • T1 × 2026 (Token Genesis) — 1 / target ≥5
  • T2 × 2026 (Liquidity Establishment) — 1 / target ≥3
  • T4 × 2026 (Access Acquisition) — 3 / target ≥4
  • T7 × 2026 (Laundering) — 1 / target ≥4
  • T8 × 2026 (Operator Continuity / Attribution Signals) — 2 / target ≥3
  • T13 × 2026 (Account Abstraction) — 2 / target ≥3
  • T14 × 2026 (Validator / Staking) — 2 / target ≥3
  • T15 × 2026 (Off-chain Entry-Vector / Pre-Positioning) — 1 / target ≥3
  • T16 × 2026 (Governance / Voting Manipulation) — 1 / target ≥2

P2 — TAXONOMY-GAPS candidates without an example anchor

Sub-Technique IDs proposed in TAXONOMY-GAPS.md but not yet referenced by any worked example. Promoting these to emerging requires at least one anchor case.

  • OAK-T9.006.005 — proposed in TAXONOMY-GAPS, 0 referencing examples

How to claim an item

  1. Pick a P0 / P1 / P2 line item that matches your research interest.
  2. Run python3 tools/check_known.py "<incident description>" against your candidate to confirm it isn't already documented.
  3. Open a GitHub issue with the line item title (e.g. [backlog] T13 × 2024 — paymaster compromise candidate) so others can see what's claimed.
  4. Submit a PR per CONTRIBUTING.md. The PR template has a Checklist that runs the validators locally.