Assessing information quality in news
“Any geopolitical conflict from now on is guaranteed to have some cyber element to it” – Nicole Perlroth
Looking for interesting stories about cybersecurity issues is not hard. Assessing information quality is harder. Looking at raw Twitter feeds like the #cybersecurity hash tag, it is harder to parse low and bad information quality for good.
This is where reputation is valuable. This why having highly trusted news sources is important to a democracy and to someone seeking to navigate the larger economy. HackerNews is pretty good. I will take a recent article and break down what I'm looking for in a new story - as means of assessing the information quality.
A news article should have the following elements:
1. Specific info (who/what/where/when).
2. Sources cited - beware of unnamed officials. There is a line between protecting source confidentiality and "trust us" - public relations is not journalism.
3. A line between a bias, and an agenda. A bias is fine. A bias toward one political party or an other, for example is to be expected. An agenda in a story means that facts can become flexible in service of that agenda. That is not fine. Omissions or framing are problems in reporting.
A sample from a recent HackerNews story is excellent, matter-of-fact reporting. The second and third pargraphs of this story are great:
The exploited vulnerabilities included "a zero-day vulnerability in the USAHERDS application (CVE-2021-44207) as well as the now infamous zero-day in Log4j (CVE-2021-44228)," researchers from Mandiant said in a report published Tuesday, calling it a "deliberate campaign."
Besides web compromises, the persistent attacks also involved the weaponization of exploits such as deserialization, SQL injection, and directory traversal vulnerabilities, the cybersecurity and incident response firm noted.
Most importantly, they are linking you to the source material, a report from Mandiant.
This is how news ought to be.