
Version 2.0

Cybersecurity Style Guide

How We Choose Our Terms

Three guiding principles help us decide which terms to use and how to write them:

  1. We need to be accurate.

    Our readers need to understand our technical content so that they can recognize the severity of security issues and implement our recommendations. We live and breathe information security, so we can deviate from non-industry authorities (such as the AP Stylebook) if their advice is outdated or too broad for our audience. Our terms should reflect the way that real attackers perceive and exploit systems.

  2. We want to be consistent.

    Many hands touch every document: We want each resource we provide to customers or release publicly to have the same voice and tone, even if a team of seven collaborated on it. And we engage with the same customers through multiple assessments, so it’s important to use consistent terminology to support logical narratives that both technical and non-technical readers can follow.

  3. We’d like our work to look good at the same time.

    Beautiful documents are inviting and easier to read, and polished language usage is a part of what makes documents attractive. Just as we use structural clarity and white space (for example) to give our dense technical information some room to breathe, using intentional language is another aspect of inviting readers into our documents. We amplify the quality of our technical work through our deliberate language choices.

These principles are listed in order of priority. For example, replacing a regular hyphen with a nonbreaking hyphen may help to condense a long URL down from four lines to two, but the replacement would make the URL nonfunctional. As such, we do not make that type of aesthetic change. Additionally, when writing about a customer’s internal tooling and names, we always ensure that we use their capitalization where possible. We will also defer to customers’ terminology choices that have not yet been standardized across the industry. While we always want to use terms consistently, it is more important to use accurate terminology for a customer’s needs when the two goals clash.

Avoid The Red Squiggly

cyber.dic is an auxiliary spellcheck dictionary that can be added to your word processor to augment its standard spellcheck list. This is a resource for anyone who regularly writes about tech and is not a fan of the red underline that plagues any highly technical document.
