a9n Framework

The a9n framework is an open framework for communicating the characteristics and severity of digital managed attribution risk. It is inspired by FIRST’s Common Vulnerability Scoring System (CVSS) for software, hardware and firmware vulnerabilities, and Ntrepid’s managed attribution taxonomies.

Attribution is defined as the “action of regarding something as being caused by a person or thing”. Digital managed attribution is the process for shaping digital identifiers to control what conclusions others draw about the identity of a digital entity. a9n is a numeronym for attribution.

The a9n Framework is owned and managed by Xewli Ltd. Xewli reserves the right to update it and this document periodically at its sole discretion. While Xewli owns all right and interest in the a9n framework, it licenses it to the public freely for use, subject to the conditions below:

  • Xewli requires that any individual or entity using the a9n Framework give proper attribution, where applicable, that it is owned by Xewli and used by permission.

  • Xewli requires as a condition of use that any individual or entity which publishes scores conforms to the guidelines described in this document and provides both the score and the scoring vector so others can understand how the score was derived.

  • No individual or entity using the a9n Framework may claim that their implementation of it is approved or endorsed by Xewli.