CrisisCore Systems
2026-02-20

The Overton Framework and Systems Analysis

A method for modeling legal, operational, and digital threat surfaces

When you live under pressure, you do not get to improvise your safety. Ad hoc defenses collapse under stress.

A protective posture requires a framework that produces artifacts.

Artifacts can be reviewed. Artifacts can be audited. Artifacts can be re-evaluated when assumptions change.

The Overton Framework exists to make protective engineering legible.

It is a systems analysis method that forces clarity across three domains:

- Digital surfaces
- Operational surfaces
- Legal and institutional surfaces

Why the model includes law and operations

Most security writing focuses on exploits. That is necessary, but incomplete.

Real threats are often coercive. They are implemented through policy, process, and incentives.

If your threat model ignores these forces, your engineering will be mis-scoped.

The framework treats institutions as actors. It treats processes as attack surfaces. It treats incentives as failure modes.

What the framework demands

Explicit boundaries
- What is protected
- From whom
- Under which assumptions

Documented workflows
- How a decision is made
- Who can override it
- What evidence exists when it fails

Proof surfaces
- Stable references such as DOI-backed records
- Reproducible timelines such as repository history
- Verifiable outputs such as dossiers and checks

This portfolio as an artifact

A portfolio is usually marketing.

This one is engineered as an auditable system.

Content is centralized. Schemas validate frontmatter and JSON content. Links are checked before builds. Core routes are smoke-tested. Navigation and projects filtering work without scripts.

These are not aesthetic choices. They are threat model choices.

If your credibility is contested, your work must survive hostile inspection. That is what the framework optimizes for.

How to use it

If you are building a system

Start by writing the boundary statement. List your non-negotiables. List what happens when they do not hold.

Then map the operational reality. Who is on call. What fails first. What can be rolled back.

Then map the legal and institutional environment. What data requests can occur. What compliance demands will shape behavior. What coercion pressures exist.

Finally, generate proof artifacts. A dossier. A DOI-backed document. A set of checks.

If you cannot produce artifacts, you do not have a protective system.
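
One way to turn the four steps above into "a set of checks", as an added example that is not the framework's own code: a threat-model record is audited for every question the article asks, and each unanswered one is reported as a gap. The field names are hypothetical, chosen to mirror those questions, and the sample record is constructed.

```python
# Hypothetical field names: the article states the questions, not a schema.
SECTIONS = {
    "boundary": ["protected", "from_whom", "assumptions", "non_negotiables"],
    "operations": ["on_call", "fails_first", "rollback"],
    "legal": ["data_requests", "compliance_demands", "coercion_pressures"],
}
WORKFLOW_KEYS = ["decision", "override_by", "failure_evidence"]

def is_blank(value):  # None, whitespace-only text, or an empty list/dict
    if isinstance(value, str):
        return not value.strip()
    return value is None or (isinstance(value, (list, dict)) and not value)

def as_dict(value):
    return value if isinstance(value, dict) else {}

def audit(model):
    """Return the list of gaps; an empty list means every question is answered."""
    gaps = []
    for section, keys in SECTIONS.items():
        if not isinstance(model.get(section), dict):
            gaps.append(f"{section}: missing")
            continue
        gaps += [f"{section}.{k}: empty" for k in keys
                 if is_blank(model[section].get(k))]
    # Each non-negotiable must say what happens when it does not hold.
    rules = as_dict(model.get("boundary")).get("non_negotiables")
    for i, rule in enumerate(rules if isinstance(rules, list) else []):
        if is_blank(as_dict(rule).get("if_violated")):
            gaps.append(f"boundary.non_negotiables[{i}]: no failure consequence")
    # Each workflow names the decision, who can override it, and the evidence.
    workflows = model.get("workflows")
    workflows = workflows if isinstance(workflows, list) else []
    for i, wf in enumerate(workflows):
        gaps += [f"workflows[{i}].{k}: empty" for k in WORKFLOW_KEYS
                 if is_blank(as_dict(wf).get(k))]
    checks = {"workflows": workflows, "proof": model.get("proof")}
    gaps += [f"{name}: missing" for name, v in checks.items() if is_blank(v)]
    return gaps

# Constructed sample artifact with deliberate gaps.
SAMPLE = {
    "boundary": {"protected": "user records", "from_whom": "hostile reviewer",
                 "assumptions": ["device is not seized"],
                 "non_negotiables": [{"rule": "no telemetry", "if_violated": ""}]},
    "operations": {"on_call": "maintainer", "fails_first": "sync", "rollback": " "},
    "workflows": [{"decision": "release approval", "override_by": "maintainer"}],
    "proof": ["DOI-backed record", "repository history"],
}
```

Calling audit(SAMPLE) reports the blank rollback plan, the absent legal section, the non-negotiable with no stated consequence, and the workflow with no failure evidence; a build step could refuse to publish until the list is empty.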

Links

The canon dossier entry is at /projects/overton-framework
The proof surface is at /proof