Trust

Fact-Checking Policy

Quantum cryptography moves fast and gets misreported often. Here is exactly how we check claims before we publish them, and what we do when something turns out to be wrong.

Last reviewed: July 2026

Guiding principle

Better to under-claim than to over-claim. If we can only cite a vendor blog post for a security property, we say "vendor claims" and explain what independent evidence would look like. A conservative statement that ages well beats a sharp statement that requires silent editing later.

The four-step process

  1. Primary source lookup. Every specific claim (parameter set, key size, timeline date, standardization step) is traced to a NIST publication, IETF draft/RFC, protocol repository commit, peer-reviewed paper, or the project's own signed release notes.
  2. Second reader review. A second contributor re-derives the claim from the cited source without reading the draft first. Discrepancies block publication.
  3. Uncertainty flag. Any claim that depends on a future event (Q-day timelines, roadmap ship dates, breakage estimates) is written with an explicit confidence marker and a link to methodology.
  4. Reader-facing sources block. Sources appear at the bottom of every research note in a labelled Sources section so readers can verify without hunting.

Source hierarchy

When two sources disagree, we default to the higher tier:

  • Tier 1 — NIST FIPS/SP, IETF RFCs, peer-reviewed cryptographic papers.
  • Tier 2 — IETF drafts, official protocol repositories, signed release notes, audit reports from named cryptographers or firms.
  • Tier 3 — foundation blogs, developer forum posts, conference talks, credentialed cryptographers on personal channels.
  • Tier 4 — general news reporting. Used only for context, never as sole evidence for a security claim.

Handling uncertainty

Cryptographically relevant quantum computers do not yet exist. Any statement about "when" is a forecast, not a fact. We use language like most public estimates place, the conservative planning horizon is, and no public evidence supportsinstead of dressing forecasts up as certainties.

AI-assisted drafting

Some drafts are outlined with the help of language models. See the full AI Usage Disclosure. Every AI-touched sentence is reviewed by a human contributor against primary sources before publication. Language models do not generate scoring, rankings, or recommended actions.

How we publish corrections

Material corrections are appended to the affected page in a dated changelog and, where they affect a scored project, reflected in the next rankings update. Silent edits are reserved for typos and formatting.

Report an error

Email support@quantumcryptorisk.com with the URL and the specific sentence you're disputing. Include a link to the primary source you think we missed and we will respond within five business days.