Unknown is an answer
A trust model that always returns a confident number is easy to build and impossible to trust. The honest move is to say when you can't see enough yet.
There is a quiet decision buried inside every scoring system, and almost everyone makes it the wrong way.
When the system doesn't have enough information about a device to reach a real conclusion, it has to do something with the gap. The common choice is to fill it optimistically — assume the missing controls are probably fine, assume no news is good news, and return a confident-looking score anyway. The dashboard stays green. Everyone moves on.
I think that is the single most dangerous thing a trust model can do.
A false green is worse than no green
A score is a claim. When you hand someone a high score for a device you can barely see, you are making a claim you have no basis for — and worse, you are hiding the fact that you can't see it. The reader has no way to tell a genuine "this is healthy" from a manufactured "we didn't look closely and decided to assume the best." Both come back as the same comforting number.
That is how estates end up with confident coverage over their best-understood systems and silent blind spots over everything else — and no signal anywhere that the blind spots exist.
The continuous-monitoring model abstains on purpose
The Infrastructure Trust Continuous Monitoring model (ITCM) handles this differently, and it is one of the design choices I am most deliberate about. When coverage is too thin to support a verdict, the device does not get an optimistic default. It reads Unknown.
Unknown is not a failure state and it is not a low score. It is a precise, honest statement: we have not observed enough to conclude, and we are not going to pretend otherwise. It sits alongside the real verdicts — trusted, uncertain, untrusted — as a first-class outcome, because not-yet-knowing is a real condition of the world and a model that can't express it is lying by omission.
And it is actionable in the cleanest possible way. An Unknown tells you exactly where to point attention: install the sensor, add agentless credentials, raise coverage. The moment there is enough signal, the Unknown resolves into a real answer. You are never guessing — you are either concluding from evidence or being told, plainly, that the evidence isn't there yet.
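The difference between optimistic fill and abstaining, as an added example that is not part of the original post and is not ITCM's actual scoring logic. The control names, the coverage floor and the verdict thresholds are all assumptions chosen for illustration.

```python
from enum import Enum

class Verdict(Enum):
    TRUSTED = "trusted"
    UNCERTAIN = "uncertain"
    UNTRUSTED = "untrusted"
    UNKNOWN = "unknown"  # first-class outcome, not a low score

# Assumed thresholds for illustration; not ITCM's values.
MIN_COVERAGE = 0.6     # fraction of controls that must be observed
TRUSTED_AT = 0.9       # pass rate at or above this reads trusted
UNTRUSTED_BELOW = 0.5  # pass rate below this reads untrusted

def optimistic_score(observations):
    """Anti-pattern: every unobserved control (None) is counted as passing."""
    if not observations:
        return 1.0  # "no news is good news"
    return sum(v is None or v for v in observations.values()) / len(observations)

def assess(observations):
    """Return (verdict, score, gaps); score is None when the model abstains."""
    observed = [v for v in observations.values() if v is not None]
    gaps = sorted(k for k, v in observations.items() if v is None)
    coverage = len(observed) / len(observations) if observations else 0.0
    if coverage < MIN_COVERAGE:
        return Verdict.UNKNOWN, None, gaps  # abstain and name what is missing
    score = sum(observed) / len(observed)
    if score >= TRUSTED_AT:
        return Verdict.TRUSTED, score, gaps
    if score < UNTRUSTED_BELOW:
        return Verdict.UNTRUSTED, score, gaps
    return Verdict.UNCERTAIN, score, gaps

# Constructed sample devices: True = passes, False = fails, None = not observed.
BARELY_SEEN = {"disk_encryption": True, "patch_level": None, "edr_running": None,
               "secure_boot": None, "local_admin_restricted": None}
WELL_SEEN = {"disk_encryption": True, "patch_level": True, "edr_running": True,
             "secure_boot": True, "local_admin_restricted": None}

if __name__ == "__main__":
    for name, device in (("barely_seen", BARELY_SEEN), ("well_seen", WELL_SEEN)):
        verdict, score, gaps = assess(device)
        print(name, "optimistic:", optimistic_score(device),
              "| abstaining:", verdict.value, score, "gaps:", gaps)
```

Both sample devices get the same perfect number from the optimistic scorer; only the abstaining one separates the device that was observed from the one that was not, and its gap list is the work queue for raising coverage.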
Why this is the whole game
Trust is a claim you have to be able to defend. The fastest way to make it indefensible is to assert it where you have no grounds. A model that knows the boundary of its own knowledge — that says "I don't know" out loud instead of smoothing it into a number — is not a weaker model. It is the only kind strong enough to put in front of someone who will be hurt if it's wrong.
Unknown is an answer. Often it is the most honest one available, and honesty is the only foundation a trust system is allowed to be built on.
Written by
Joe Augustine
Author of the Infrastructure Trust Architecture (ITA) and the Infrastructure Trust Continuous Monitoring model (ITCM) — the standard organizations use to decide whether infrastructure can be trusted.