Overview
FlowViz is an open-source tool that analyzes cybersecurity articles and generates interactive attack flow visualizations mapped to the MITRE ATT&CK framework. Our gallery allows users to share their saved FlowViz analyses (.flowviz files) with the security community. When you upload a visualization to the gallery, you're contributing to collective defensive knowledge. This policy helps ensure all uploaded content is appropriate, legal, and valuable.
✅ Great Uploads
We encourage FlowViz analyses based on publicly available cybersecurity research:
- →
Public threat intelligence and malware analysis
Technical writeups analyzing malware behavior, published threat reports, and vendor security blogs with detailed attack chain analysis
- →
Disclosed vulnerabilities and security research
Attack chains from disclosed CVEs, published academic papers, and security conference presentations
- →
Security blog articles and technical writeups
Publicly available security blog posts and articles describing real-world attacks and incidents
⚠️ Check First
Some FlowViz analyses may be appropriate to share, but require verification first:
- →
Penetration test or red team findings
Get explicit written permission from the client and ensure remediation is complete
- →
Internal threat hunting or incident response
Check your employer's data sharing and intellectual property policies
- →
Collaborative threat research
Ensure all co-authors and organizations consent to public sharing
- →
Attack flows from commercial threat intel feeds
Verify the vendor's license permits derivative works and public sharing
- →
Analyses of security products or vendor tools
Respect responsible disclosure agreements and vendor relationships
❌ Never Upload
The following content types are strictly prohibited:
- →
Attack flows for active, unpatched zero-days
Wait for responsible disclosure timelines and vendor patches before sharing
- →
Proprietary client assessments or confidential findings
Never share attack flows from client engagements protected by NDAs
- →
Classified or export-controlled threat intelligence
Respect government restrictions on cybersecurity tools and threat data
- →
Analyses containing PII or sensitive credentials
Redact usernames, passwords, internal IP addresses, domain names, and hostnames
- →
Unauthorized reproductions of proprietary threat research
Don't upload analyses of paid threat intel reports without permission
- →
Attack flows designed to harm or enable attacks
FlowViz is a defensive tool for education and threat hunting, not weaponization
Your Rights & Responsibilities
You Own Your Content
You retain all ownership rights to the content you upload to FlowViz. When you share a flow visualization, you grant FlowViz a license to display, distribute, and store it, but you remain the owner. See our Privacy Policy for details on how your data is stored and processed.
Data Storage and Privacy
When you upload a flow to the gallery:
- Your .flowviz file is stored in Firebase Storage (Google Cloud infrastructure)
- Flow metadata (title, description, timestamps) is stored in our Firestore database
- Your User ID is stored internally to associate uploads with your account
- If you choose anonymous posting, your username is hidden from the public but your User ID remains linked to the upload
- Public flows are accessible to anyone with the link; private flows are only visible to you
For complete details on data collection and your privacy rights, please read our Privacy Policy.
You Are Responsible for Your Uploads
By uploading content, you confirm that:
- You have the legal right to share the content publicly
- The content does not violate any confidentiality obligations
- The content does not infringe on anyone's intellectual property
- You've properly redacted any sensitive information
- You will defend FlowViz against any claims arising from your upload
See our Terms of Service for full legal terms governing content uploads.
Reporting & Removal
Report Inappropriate Content
If you discover content that violates this policy, please report it to us at admin@junbitech.com.
DMCA Takedown Requests
If you believe your copyrighted work has been uploaded without permission, please send a DMCA takedown notice to admin@junbitech.com with:
- Description of the copyrighted work
- URL of the infringing content on FlowViz
- Your contact information
- Statement of good faith belief
- Statement under penalty of perjury
- Your physical or electronic signature
Voluntary Removal
You can delete your uploads at any time from the "My Uploads" page.
Questions?
If you're unsure whether your content is appropriate to upload, err on the side of caution and contact us at admin@junbitech.com before uploading. We're here to help!