What to Expect in the Guide

This style guide was compiled primarily to assist security professionals who write formal documentation. Therefore, we mark terms that you might hear at a hacker conference (but should not use in formal writing) as informal, and we mark cliché business terms that may alienate the security audience as corporate jargon.

Each term in the guide appears in its designated font (per the formatting guidance above) and is capitalized as it would appear in the middle of a sentence. For example:

denial of service (n.), denial-of-service (adj.) (DoS)

DoS is pronounced as “doss” or the whole phrase. Spell out on first use.
Ex: A denial of service is caused by denial-of-service attacks.
Related: DDoS

Many entry headings include parts of speech, since that can affect how terms are written: (adj.) for adjective, (adv.) for adverb, (n.) for noun, and (v.) for verb. Proper nouns and phrases do not include a part of speech. We also include plural or conjugated forms of some terms where the capitalization or spelling of those forms may not be straightforward.

Many security terms have disputed pronunciations because they were typed first and spoken aloud later. Pronunciation is provided for select terms in the guide. We acknowledge all variations when possible. Be aware that some acronyms look similar but are pronounced differently:

CIO is pronounced as letters, but CISO is pronounced as “see-so.”
UI is pronounced as letters, but GUI is pronounced like “gooey.”
PoC is pronounced as letters, but T-POC is pronounced as “T-pock.”

When we offer examples of a term, provide variants of a term, or provide alternative terms to use in place of it, we use blue font to call attention to the term or example.

By combining the use of two fonts, button bolding, and the word list below, we strive to be accurate, consistent, and understandable to the security industry at large. It’s been helping us internally and we hope it will help you, too.