New from Ponemon Institute: The State of Offensive Security in 2023. Read the Report ›
Three guiding principles help us decide which terms to use and how to write them:
We need to be accurate.
Our readers need to understand our technical content so that they can recognize the severity of security issues and implement our recommendations. We live and breathe information security, so we can deviate from non-industry authorities (such as the AP Stylebook) if their advice is outdated or too broad for our audience. Our terms should reflect the way that real attackers perceive and exploit systems.
We want to be consistent.
Many hands touch every document: We want each resource we provide to customers or release publicly to have the same voice and tone, even if a team of seven collaborated on it. And we engage with the same customers through multiple assessments, so it’s important to use consistent terminology to support logical narratives that both technical and non-technical readers can follow.
We’d like our work to look good at the same time.
Beautiful documents are inviting and easier to read, and polished language usage is a part of what makes documents attractive. Just as we use structural clarity and white space (for example) to give our dense technical information some room to breathe, using intentional language is another aspect of inviting readers into our documents. We amplify the quality of our technical work through our deliberate language choices.
These principles are listed in order of priority. For example, replacing a regular hyphen with a nonbreaking hyphen may help to condense a long URL down from four lines to two, but the replacement would make the URL nonfunctional. As such, we do not make that type of aesthetic change. Additionally, when writing about a customer’s internal tooling and names, we always ensure that we use their capitalization where possible. We will also defer to customers’ terminology choices that have not yet been standardized across the industry. While we always want to use terms consistently, it is more important to use accurate terminology for a customer’s needs when the two goals clash.
cyber.dic is an auxiliary spellcheck dictionary that can be added to your word processor to augment its standard spellcheck list. This is a resource for anyone who regularly writes about tech and is not a fan of the red underline that plagues any highly technical document.