Appendix A: How to Codify Your Own Terms

Security vocabulary is rapidly changing and expanding, so it’s likely that you’ll need to tame new tech terms on your own, in between versions of this style guide. To codify a term for your own use, determine the following:

• How is the term capitalized by its creators and its users?
  • Ex: BeEF, iPhone, JavaScript, Metasploit, PuTTY, QWERTY
• If it’s an acronym, how is it pronounced by its creators and its users?
  • Ex: SQL, ngrep, Hping, NAND
• If it’s an acronym, should its components be written out on first use or never?
  • Ex: 3G, APT, IP, RSA
• Can it be confused with another term? If so, how can it be consistently distinguished?
  • Ex: crypto, fingerprints, MFA, shell
• If it’s a compound, is it written differently if it’s a verb or a noun?
  • Ex: reverse-engineer (v.) vs. reverse engineering (n.) - Do spacing and hyphens change the meaning, or is it a personal preference? If it’s a personal preference, determine a company-wide preference.
• Which type of font should be used?
  • Ex: admin (a username) vs. admin (a concept/role)
  • fixed-width (monospace) or variable-width font

Capitalization, spacing, and punctuation all matter—often for different reasons when writing code and writing reports. Be sure to consider all three visual components when determining how to incorporate new terms in your documents and presentations.

In the likely event that you find a term that is written or pronounced inconsistently, contact the creators and follow their preference. If that’s not possible, check their most recent documentation. Ultimately, make a choice, write it down, and use it consistently, but be willing to revise your answer in the future. (And if you think it might help other security writers, tell us about it at [email protected], and we’ll add it to the next version of the style guide.)