Final Scoring & Ranking: FOSS NVR Execution Engines + High-Rigor Physical / Medical / Ballistic Oracles

A unified rubric that prioritizes sovereignty, local control, privacy, and anti-theater signal—while still valuing physics-anchored rigor and operational usefulness.

Lens: sovereignty-first, FOSS/privacy maximalist, anti-simulation Tool classes: execution engines • physics oracles • narrative shells Last updated: 2026-03-05
SR: Technical Signal & Rigor SA: Sovereign/FOSS/Privacy Alignment OR: Operational Relevance GA: Global Reach & Forkable Use AS: Anti-Simulation / BS Resistance CD: Capture Risk (inverted)

Table of contents

1) Framework (axes, weights, composite) 2) Final ranking (tiers) 3) Full score table 4) Detailed profiles (all items) 5) Handling model & interpretive notes

Executive summary

Tier-1 is dominated by locally-run, inspectable FOSS NVR engines. Tier-2 is a tightly clustered band of high-rigor but structurally captured registries/standards (use as telemetry, not authority). Tier-3 is a police/policy badge layer that wraps technical standards with narrative governance.

Composite formula

Composite = 0.20·SR + 0.25·SA + 0.20·OR + 0.10·GA + 0.15·AS + 0.10·CD

CD is inverted: 100 = minimal dependency / easy to exit, 0 = maximal capture / chokepoint leverage.

1) Framework (final)

Axes (0–100 each)

  • SR — Technical Signal & Rigor (20%): realism, repeatability, clear levels, physics/evidence grounding.
  • SA — Sovereign / FOSS / Privacy Alignment (25%): self-host/offline viability, open access, low telemetry, minimal account friction.
  • OR — Operational Relevance (20%): direct usefulness for real defensive architecture (perimeter, locks, safes, armor, trauma, surveillance).
  • GA — Global Reach & Forkable Use (10%): cross-jurisdiction portability; usefulness as a shared language without permission.
  • AS — Anti-Simulation / BS Resistance (15%): resistance to marketing theater; clarity of classes; output tied to measurable performance.
  • CD — Capture / Dependency Risk (10%, inverted): structural chokepoints, policy/insurer/police/military entanglement, ease of exit/fork.

Tool classes (explicit)

  • Execution engines: systems that generate local capability (e.g., NVR stacks running on owned hardware).
  • Physics oracles: registries, certification databases, and standards lists (high signal; also high shaping power).
  • Narrative shells: schemes that primarily function as branding/policy wrappers around standards.

2) Final ranking (tiers)

Tier 1 — Execution engines (FOSS NVRs)

  1. Frigate 92.9 — Official: frigate.video
  2. ZoneMinder 88.4 — Official: zoneminder.com
  3. Shinobi 86.6 — Official: shinobi.video

Tier 2 — Physics oracles (high-rigor registries / lists)

  1. ECB•S Product Locator 81.4product locator
  2. VdS Certificate Database 81.0certificates search
  3. CoTCCC Recommended Devices & Adjuncts 81.0listing
  4. Sold Secure Approved Product Search 80.6approved products
  5. DoD Anti-Ram Vehicle Barrier List (USACE PDC) 80.5Sept 2025 PDF
  6. NIJ Compliant Products List (CPL) 80.2NIJ ballistic armor CPL
  7. LPCB RedBookLive (LPS 1175) 78.9RedBookLive
  8. SKG-IKOB Burglar Resistance Register 75.2register
  9. ift Rosenheim “ift-certified” Registry 74.5ift-certified companies
  10. UL Product iQ 74.4Product iQ portal

Tier-2 internal score differences are low-significance noise: the band is treated as “high signal, high shaping power, structurally captured.”

Tier 3 — Narrative shell (badge/policy wrapper)

  1. Secured by Design Product Listings (PAS 24, etc.) 67.8product search

3) Full score table

# System SR SA OR GA AS CD Composite
1 Frigate 909596859690 92.9
2 ZoneMinder 829590808890 88.4
3 Shinobi 868890858680 86.6
4 ECB•S Product Locator 957092759055 81.4
5 VdS Certificate Database 957090759055 81.0
6 CoTCCC Recommended Devices & Adjuncts 967095809530 81.0
7 Sold Secure Approved Product Search 867588709065 80.6
8 DoD Anti-Ram Vehicle Barrier List (USACE PDC) 968085659240 80.5
9 NIJ Compliant Products List (CPL) 908092808235 80.2
10 LPCB RedBookLive (LPS 1175) 907088758555 78.9
11 SKG-IKOB Burglar Resistance Register 827085608260 75.2
12 ift Rosenheim “ift-certified” Registry 867080707555 74.5
13 UL Product iQ 954592908540 74.4
14 Secured by Design Product Listings 806575607040 67.8

4) Detailed profiles (all items)

Frigate — Composite 92.9

Official frigate.video Docs docs.frigate.video Repo GitHub Install Docker-first
SR 90
SA 95
OR 96
GA 85
AS 96
CD 90

An open-source NVR optimized for local AI object detection and eventing. Core strengths: local processing, inspectable outputs, containerized deployment, and integration-friendly automation surfaces.

  • Why it scores highest: sovereignty-aligned defaults (local), inspectable engine, high operational utility for distributed nodes.
  • Capture surface: typical FOSS dependency risks (hardware drivers, container ecosystem), but no mandatory service tether.
  • Handling model: primary execution engine for local video telemetry; pair with hardened camera/network choices.

ZoneMinder — Composite 88.4

Official zoneminder.com Docs ReadTheDocs Repo GitHub Releases changelogs
SR 82
SA 95
OR 90
GA 80
AS 88
CD 90

A long-standing GPL video surveillance system with broad camera support and flexible recording/monitoring modes. Strengths: maturity, breadth, and self-hosting. Tradeoffs: older architecture and configuration complexity.

  • Why it scores below Frigate: age/complexity increases operational and attack surface, despite strong sovereignty posture.
  • Strength: resilient baseline engine where “cloud-smart” surveillance is rejected by default.
  • Handling model: heavyweight execution engine for multi-camera installations with competent hardening/ops.

Shinobi — Composite 86.6

Official shinobi.video Docs docs.shinobi.video Repo GitLab (primary) Mirror GitHub Pro track update channel
SR 86
SA 88
OR 90
GA 85
AS 86
CD 80

A modern, Node.js-based NVR with a strong web UI and flexible deployment options. The commercial “Pro” track introduces mild capture gravity relative to fully community-bounded projects.

  • Why SA/CD are slightly lower: existence of a gated update/support channel increases dependence vectors over time.
  • Operational role: viable execution engine where its UI and deployment fit outranks maximal governance purity.

ECB•S Product Locator — Composite 81.4

Official ecb-s.com Product Locator certified products
SR 95
SA 70
OR 92
GA 75
AS 90
CD 55

A high-signal index for EN-standard certified security products (notably safes, strongrooms, vault/secure storage classes). Strong physics anchoring, moderate structural capture via insurer/compliance ecosystems.

  • Primary use: selecting safes/strongrooms with quantized resistance classes instead of marketing labels.
  • Structural risk: market shaping—designs converge toward passing the scheme rather than maximizing all threat models.

VdS Certificate Database — Composite 81.0

Official vds.de Certificates searchable database Program product approval
SR 95
SA 70
OR 90
GA 75
AS 90
CD 55

One of the strongest European loss-prevention certification ecosystems across security and fire domains. High rigor and strong anti-theater output (certificates and scopes); moderate capture via insurer and code coupling.

  • Primary use: cross-checking hardware/system claims against accredited certification scope.
  • Structural risk: certificate-as-reality drift (badge becomes proxy for broader resilience).

CoTCCC Recommended Devices & Adjuncts — Composite 81.0

Listing Allogy (JTS/CoTCCC) PDF recommended devices
SR 96
SA 70
OR 95
GA 80
AS 95
CD 30

A battlefield-anchored, evidence-driven set of device recommendations (tourniquets, hemostatics, junctional control, airways, etc.) with NSNs and DoD nomenclature. Extremely high signal; heavy shaping power and institutional capture risk.

  • Primary use: minimum viable trauma kit baselines grounded in modern combat casualty care.
  • Structural risk: procurement convergence around narrow brand sets; supply chain and doctrine coupling.

Sold Secure Approved Product Search — Composite 80.6

Official soldsecure.com Search approved products
SR 86
SA 75
OR 88
GA 70
AS 90
CD 65

A practical, tool/time resistance grading ecosystem for security products (locks, chains, anchors, posts, cabinets, etc.). Strong anti-marketing utility; lower capture than state/corp schemes but still a market shaper.

  • Primary use: filtering lock/anchor marketing into explicit grade tiers (Diamond/Gold/Silver/Bronze).
  • Structural risk: “design to pass the grade” convergence; still far less centralized than state gates.

DoD Anti-Ram Vehicle Barrier List (USACE PDC) — Composite 80.5

PDF Sept 2025 list Archive USACE repository record
SR 96
SA 80
OR 85
GA 65
AS 92
CD 40

Full-scale crash-test anchored anti-ram barrier catalog used for DoD access control points and entry control facilities. Extremely rigorous physics output; doctrinal and procurement coupling increases capture and convergence risk.

  • Primary use: impact-rated barrier selection when vehicle-borne threats dominate the perimeter model.
  • Structural risk: US-centric doctrine assumptions; contract/procurement convergence; single-list gravity.

NIJ Compliant Products List (CPL) — Composite 80.2

NIJ CPL ballistic armor CTP Hub compliant product lists Glossary CPL fields
SR 90
SA 80
OR 92
GA 80
AS 82
CD 35

A highly influential compliance list for ballistic-resistant body armor, tied to NIJ Compliance Testing Program infrastructure. Strong minimum-signal filter; heavy shaping power and governance coupling.

  • Primary use: baseline armor validation against a recognized test regime.
  • Structural risk: doctrine and threat-model lag; “NIJ-compliant” becoming an epistemic ceiling instead of a floor.

LPCB RedBookLive (LPS 1175) — Composite 78.9

Portal redbooklive.com Standard LPS 1175 Issue 8.2 (PDF) Example certified listing page
SR 90
SA 70
OR 88
GA 75
AS 85
CD 55

A structured, tool/time-class intruder resistance standard (LPS 1175) with a live directory (RedBookLive) of certified products and services. High signal for envelope/perimeter components; notable insurer/regulatory coupling.

  • Primary use: specifying doors, shutters, enclosures, barriers using explicit tool-set and delay classes (not marketing adjectives).
  • Structural risk: label-driven convergence and planning/insurance entanglement in some jurisdictions.

SKG-IKOB Burglar Resistance Register — Composite 75.2

Register search interface Overview certificate overview Star Guide SKG rating system
SR 82
SA 70
OR 85
GA 60
AS 82
CD 60

A regional (NL-centric) burglar resistance registry for façade elements and related products, mapped to NEN/EN resistance classes (e.g., RC2–RC6). Useful mechanical signal; narrower jurisdictional reach.

  • Primary use: cross-checking window/door hardware and façade security certifications in EU contexts.
  • Structural risk: localized ecosystem coupling; star/class labels can become marketing proxies.

ift Rosenheim “ift-certified” Registry — Composite 74.5

Registry ift-certified search Official ift-rosenheim.de
SR 86
SA 70
OR 80
GA 70
AS 75
CD 55

A respected testing/certification ecosystem for windows, doors, façades, and associated building components. Strong on building performance and product certification; security signal often embedded within broader manufacturer marketing narratives.

  • Primary use: validating window/door/facade products via recognized certification records.
  • Structural risk: product certification can become a brand halo rather than a threat-model guarantee.

UL Product iQ — Composite 74.4

Portal productiq.ulprospector.com About UL Product iQ overview Features Product iQ capabilities
SR 95
SA 45
OR 92
GA 90
AS 85
CD 40

A global corporate certification search hub. Underlying standards and testing can be extremely rigorous; access and governance are corporate-platform mediated, with strong compliance-stack convergence.

  • Primary use: locating certified products/components in UL-dominated environments.
  • Structural risk: account/platform dependency and compliance-culture convergence; certificate index becomes gatekeeping infrastructure.

Secured by Design Product Listings (PAS 24, etc.) — Composite 67.8

Official securedbydesign.com Product search accredited products Category search filter by type PAS 24 BSI product page
SR 80
SA 65
OR 75
GA 60
AS 70
CD 40

A police-branded scheme that aggregates products and design guidance, often anchored in standards such as PAS 24. Practical value exists as a directory; structural coupling to planning/policing narratives and badge signaling is high.

  • Primary use: directory function and references to underlying test standards; avoid equating badge with full threat resilience.
  • Structural risk: policy-badge convergence; “approved” becomes the gate rather than measurable performance.

5) Handling model & interpretive notes

Execution engines vs. oracles vs. shells

  • Execution engines (Tier 1): generate local capability (recording, detection, automation). Primary value comes from local control, inspectability, and offline operation.
  • Physics oracles (Tier 2): high-rigor signal sources that describe performance tiers; also act as market-shapers. Treat as telemetry and method libraries, not as sovereign authority.
  • Narrative shells (Tier 3): policy/badge layers that wrap standards and listings; increased risk of theater and governance coupling.

Tier-2 band: how to read the cluster

The Tier-2 group is intentionally treated as one band. Small score differences (e.g., 81.4 vs 81.0 vs 80.6) do not imply deep superiority. The strategic distinction is: high physics signal + high shaping power + structural capture risk.

Correlation risk (stack convergence)

  • Using multiple state/corporate schemes as primary authorities converges procurement and doctrine toward a narrow ecosystem.
  • “Multiple oracles agree” can mean stronger signal and also stronger convergence pressure; maintain independent exit paths.
  • NVR sovereignty can be undermined by upstream camera firmware ecosystems; local engines do not automatically sanitize upstream device risk.

Output: what this ranking is (and is not)

  • Is: a map of which resources best preserve local autonomy while still extracting high-rigor performance signal.
  • Is not: a claim that any cert list equals reality, or that any badge is identical to resilience across all threat models.
  • Is: a template for building independent standards: fork methods, keep physics, discard governance capture.