I have never been interested in frameworks that look good only in a slide deck.
A framework should help someone do the work: help an analyst name what they are seeing, or a team compare one event to another. It should help an engineer build automation without stripping away context. It should help another organization understand the behavior without starting from zero.
That's why FT3 had to be open.
Not because open source is the point. Because shared defense is the point.
Fraud does not stay inside one company. Threat actors do not respect institutional boundaries. Infrastructure gets reused. Tactics get adapted. Techniques move across platforms, accounts, merchants, cards, identities, and financial systems.
If the adversary operates across institutions, the language for defending against them has to travel across institutions, too.
That changes what a framework needs to be.
It can't be a private diagram that only one team understands. It cannot be a naming system that works only inside one company’s tools. It cannot depend on one person being in the room to explain what a technique means.
A useful framework has to be visible. It has to be inspectable. It has to be specific enough for analysts and flexible enough for systems. It has to survive contact with real work.
Open source makes that possible.
But not automatically. Putting something on GitHub does not make it useful. But open source does give defenders a place to test the language against reality. It lets people challenge definitions, identify gaps, propose changes, build integrations, and adapt the work to problems the original authors may not have seen yet.
That matters because fraud defense is not a solved domain. It's a moving system.
The people closest to the work are often the first to see where the language is wrong, incomplete, or too vague. They see the edge cases. They see where a technique does not fit. They see where one pattern is actually three different behaviors hiding under the same name.
An open framework can turn them into improvement while a closed framework turns those same observations into private frustration.
So that is the builder’s posture behind FT3.
The goal was never to publish a taxonomy and declare it finished. The goal was to give the community something structured enough to use and open enough to evolve. Fraud teams, threat intelligence teams, red teams, policy teams, and engineers should be able to build on the same language without needing to flatten the problem into generic labels.
That is also why tooling matters.
A framework that only exists as documentation can help people think. That is useful. But a framework that can be mapped, versioned, queried, tagged, shared, and automated becomes something else. It becomes infrastructure.
That is where projects like Acheron and Anubis matter.
Acheron helps turn live threat intelligence into a machine-readable map of how fraud actors operate. Anubis gives living taxonomies a structured workspace, so they can be built, mapped, versioned, and shipped with software-grade integrity.
Together, they point at the larger idea: FT3 is no longer simply a written framework. It is becoming a system people can build with.
I think that distinction matters because a shared language is only powerful if it can move. It has to move from analyst notes into detections. From detections into policy. From policy into automation. From infrastructure into evidence. From evidence into disruption.
Open source gives that movement a path.
It lets the work leave the place where it started without losing its shape. It lets other defenders inspect it, extend it, and make it more useful. It makes the framework less dependent on any one company, any one team, or any one person.
Defensive infrastructure should compound.
Every contribution should make the system more precise. Every implementation should make the language easier to use. Every adoption should make it easier for the next team to understand what they are seeing and act on it faster.
Fraud actors already benefit from shared infrastructure, reused tooling, and patterns that travel.
Defenders need language that can travel too.