From 5a0db953faaf731bb8930b5dfd098c5a97163cb2 Mon Sep 17 00:00:00 2001 From: Zakk Date: Thu, 12 Dec 2024 15:27:59 -0600 Subject: [PATCH 1/4] First draft of citation guide (prior to feedback) and updated readme with reference to guidelines --- CITATION.md | 104 ++++++++++++++++++++++++++++++++++++++++++++++++++++ README.md | 4 +- 2 files changed, 107 insertions(+), 1 deletion(-) create mode 100644 CITATION.md diff --git a/CITATION.md b/CITATION.md new file mode 100644 index 0000000..a209294 --- /dev/null +++ b/CITATION.md 
@@ -0,0 +1,104 @@ +# Citation Guidelines + +The purpose of this guide is to ensure consistency, professionalism, and proper +attribution in all citations and references to our published reports and +findings. These guidelines are intended to support both internal and external +stakeholders in referencing and utilizing our work responsibly. + +This guide applies to all materials published by Informal Systems, Inc., +including but not limited to: + +* Security audit reports +* Technical whitepapers +* Blog posts and technical write-ups +* Conference presentations and materials + +By following these guidelines, we aim to: + +* Establish a clear and professional citation standard for our work. +* Facilitate proper recognition of our contributions to the blockchain security community. +* Prevent misuse or misrepresentation of our findings. + +These guidelines are not exhaustive but provide a foundation for citing and +publishing our materials. For specific questions or additional permissions, +please contact your project manager. 
+ +## Citation Format + +To ensure proper attribution and consistency when referencing materials +published by Informal Systems, Inc., please use the following citation format: + +**For Security Audit Reports:** + +``` +[Author(s)], "[Report Title]," Informal Systems, Inc., [Month Year], available at: [URL] +``` + +*Example:* + +``` +Jane Doe, "Security Audit Report for ABC Protocol," Informal Systems, Inc., December 2024, available at: https://github.com/informalsystems/audits/blob/main/abc-protocol/2024-06-01%20Audit%20Report%20-%20ABC%20Protocol.pdf +``` + +**For Technical Whitepapers:** + +``` +[Author(s)], "[Paper Title]," Informal Systems, Inc., [Month Year], available at: [URL] +``` + +*Example:* + +``` +John Smith, "A Deep Dive into IBC Security," Informal Systems, Inc., January 2024, available at: https://informal.systems/whitepapers/ibc-security +``` + +**For Blog Posts:** + +``` +[Author(s)], "[Blog Title]," Informal Systems, Inc., [Month Year], available at: [URL] +``` + +*Example:* + +``` +Alex Johnson, "Five Tips for Writing Secure Cosmos SDK Code," Informal Systems, Inc., November 2024, available at: https://informal.systems/blog/cosmos-sdk-security-tips +``` + +Ensure that the citation includes all relevant authors and links to the most +recent and official version of the publication. If uncertain, please consult +your project manager. + +## Attribution Guidelines + +When citing or referencing materials published by Informal Systems, Inc., it is +critical to ensure accurate and appropriate attribution. Below are the +guidelines for proper attribution: + +- **Do Not Generalize Findings:** Our security audit reports are limited to the specific scope and components reviewed at the time of the audit. They should not be used to assert or imply that an entire codebase or system is secure. Instead, references should explicitly note the scope of the audit as defined in the report. 
+ +- **Required Language:** When citing a report, use the following attribution language: + +> "This report, prepared by Informal Systems, Inc., provides findings from a security audit conducted on [specific project/component] as of [date]. The findings are limited to the scope outlined in the report and do not imply complete security of the overall system." + +- **Proper Credit:** Always attribute Informal Systems, Inc., as the author of the work, and include a link to the original publication to ensure proper context. + +- **Avoid Misrepresentation:** Do not use our findings to claim compliance, certification, or complete security of a system unless explicitly stated in the report. + +- **Fair Use of Excerpts:** Excerpts from our reports may be used provided they are accurate, not taken out of context, and include proper attribution as outlined above. + +These guidelines are designed to preserve the integrity of our work and prevent +misunderstandings or misuses of our findings. If you have any questions about +appropriate attribution, please contact your project manager. + +## Conclusion + +We at Informal Systems, Inc., are committed to delivering high-quality security +research and audits that contribute to the safety and robustness of blockchains +and distributed systems. By adhering to the guidelines outlined in this +document, you help maintain the integrity and value of our work while ensuring +proper recognition of our contributions. + +Thank you for your cooperation and support in promoting responsible and accurate +use of our materials. If you have any questions or require further clarification +on these guidelines, please do not hesitate to reach out to your project +manager. diff --git a/README.md b/README.md index dcb1776..5368380 100644 --- a/README.md +++ b/README.md 
@@ -9,8 +9,10 @@ systems secure and resilient. You may read more about our approach at the [Security Services page](https://informal.systems/services/security-audits). -## Public Audit Reports +Please refer to our [citation guidelines](./CITATION.md) before citing or referencing any of +the reports published in this repository. +## Public Audit Reports | Audit date(s) | Client | Audit report | | ---- | ---- | --- | From 5771025d981333d65316da2de3338807e3a60c16 Mon Sep 17 00:00:00 2001 From: Zakk Date: Thu, 12 Dec 2024 16:04:47 -0600 Subject: [PATCH 2/4] implement first round of feedback from Cara: - Use the term "Publication" instead of "Citation" - Add a note on social media posts --- CITATION.md => PUBLICATION.md | 3 ++- README.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) rename CITATION.md => PUBLICATION.md (97%) diff --git a/CITATION.md b/PUBLICATION.md similarity index 97% rename from CITATION.md rename to PUBLICATION.md index a209294..823b5d8 100644 --- a/CITATION.md +++ b/PUBLICATION.md @@ -1,4 +1,4 @@ -# Citation Guidelines +# Publication Guidelines The purpose of this guide is to ensure consistency, professionalism, and proper attribution in all citations and references to our published reports and @@ -12,6 +12,7 @@ including but not limited to: * Technical whitepapers * Blog posts and technical write-ups * Conference presentations and materials +* Posts on Twitter, LinkedIn, Farcaster, or other social media sites By following these guidelines, we aim to: diff --git a/README.md b/README.md index 5368380..6625453 100644 --- a/README.md +++ b/README.md 
@@ -9,7 +9,7 @@ systems secure and resilient. You may read more about our approach at the [Security Services page](https://informal.systems/services/security-audits). -Please refer to our [citation guidelines](./CITATION.md) before citing or referencing any of +Please refer to our [publication guidelines](./PUBLICATION.md) before citing or referencing any of the reports published in this repository. ## Public Audit Reports From 89483849426fe5cd88f801586ea79aca2daea25b Mon Sep 17 00:00:00 2001 From: Zakk Date: Thu, 12 Dec 2024 16:14:19 -0600 Subject: [PATCH 3/4] Add section on misuse and consequences --- PUBLICATION.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/PUBLICATION.md b/PUBLICATION.md index 823b5d8..576a80b 100644 --- a/PUBLICATION.md +++ b/PUBLICATION.md 
@@ -91,6 +91,34 @@ These guidelines are designed to preserve the integrity of our work and prevent misunderstandings or misuses of our findings. If you have any questions about appropriate attribution, please contact your project manager. +## Unacceptable Citation Formats and Consequences + +To maintain the integrity of our work, the following citation practices are +considered unacceptable: + +- Implying Comprehensive Security: +Any citation that suggests Informal Systems, Inc., has certified or guaranteed the complete security of a system or codebase unless explicitly stated in the report. + +- **Taking Findings Out of Context:** Selectively quoting findings in a way that distorts the overall conclusions or omits critical nuances. +- **Omitting Proper Attribution:** Failing to credit Informal Systems, Inc., as the author or not including a link to the official publication. +- **Using Reports for Endorsements:** Misrepresenting our findings to imply endorsement or approval of a system, product, or organization by Informal Systems, Inc. + +### Consequences of Violations: + +Before pursuing any consequences, Informal Systems, Inc., will first reach out +to the individual or organization to request that the citation be corrected +within 24 hours. + +If the violation is not corrected within 24 hours, these guidelines may result +in the following actions: + +- **Public Statement:** Informal Systems, Inc., reserves the right to issue a public clarification to address any misrepresentation or misuse of our reports. +- **Legal Action:** In cases of severe misrepresentation or unauthorized use, legal action may be pursued to protect our intellectual property and reputation. +- **Revocation of Permissions:** Individuals or organizations violating these guidelines may lose access to our reports or other published materials. + +For questions regarding proper citation practices or to report potential misuse, +please contact your project manager. 
+ ## Conclusion We at Informal Systems, Inc., are committed to delivering high-quality security From 6b92d69cd07bbaafa45f828117cc0b716b1eabf1 Mon Sep 17 00:00:00 2001 From: Zakk Date: Thu, 19 Dec 2024 12:02:15 -0600 Subject: [PATCH 4/4] Update attribution guidelines to include a note on the version reviewed and a subsection covering the review methodology used. --- PUBLICATION.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/PUBLICATION.md b/PUBLICATION.md index 576a80b..7c5b661 100644 --- a/PUBLICATION.md +++ b/PUBLICATION.md @@ -32,7 +32,7 @@ published by Informal Systems, Inc., please use the following citation format: **For Security Audit Reports:** ``` -[Author(s)], "[Report Title]," Informal Systems, Inc., [Month Year], available at: [URL] +"[Report Title]," Informal Systems, Inc., [Month Year], available at: [URL] ``` *Example:* 
@@ -75,7 +75,9 @@ When citing or referencing materials published by Informal Systems, Inc., it is critical to ensure accurate and appropriate attribution. Below are the guidelines for proper attribution: -- **Do Not Generalize Findings:** Our security audit reports are limited to the specific scope and components reviewed at the time of the audit. They should not be used to assert or imply that an entire codebase or system is secure. Instead, references should explicitly note the scope of the audit as defined in the report. +- **Do Not Generalize Findings:** Our security audit reports are limited to the specific scope, components, and version reviewed at the time of the audit. They should not be used to assert or imply that an entire codebase or system is secure. They should not be used to assert that all versions of a codebase or system are secure. Instead, references should explicitly note the scope and commit hash or version number of the audit as defined in the report. + +- **Do Not Generalize the Review Methodology Used:** Each audit relies on specific methodologies, such as manual review, static analysis, simulations, or modeling, which have inherent trade-offs. Do not misrepresent or generalize these approaches as providing complete security or exhaustive guarantees. - **Required Language:** When citing a report, use the following attribution language:
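Review bot: In PATCH 1/4, the audit-report example under "Citation Format" gives the date as "December 2024" while its URL points at a file named "2024-06-01 Audit Report - ABC Protocol.pdf"; make the two agree, since readers will copy the example as the model for matching a citation to the report it links. The new file also mixes "*" bullets (scope and goals lists) with "-" bullets (Attribution Guidelines); pick one marker.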
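Review bot: In PATCH 2/4, the added scope item "Posts on Twitter, LinkedIn, Farcaster, or other social media sites" has no matching template in the "Citation Format" section, which covers only audit reports, whitepapers and blog posts; add one or state which existing format applies. The rename also reaches only the title and the README link: the opening paragraph kept as context still reads "in all citations and references", so decide whether "Publication" is meant to replace "Citation" throughout the body as well.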
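Review bot: In PATCH 3/4, the "Revocation of Permissions" item under "Consequences of Violations" says violators "may lose access to our reports", yet the README text refers to "the reports published in this repository", so state which permission is actually withdrawn (for example, permission to quote or republish). In the same subsection, "these guidelines may result in the following actions" makes the guidelines the subject where the uncorrected violation is meant. The first list item, "- Implying Comprehensive Security:", is unbolded and breaks onto a second line, unlike the three bolded items after it.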
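Review bot: In PATCH 4/4, the first hunk drops "[Author(s)]," from the audit-report template but leaves the "*Example:*" beneath it untouched, and that example, as added in PATCH 1/4, still begins "Jane Doe,"; update the example in the same commit. The section's closing sentence, "Ensure that the citation includes all relevant authors", now conflicts with the audit-report format and needs an exception, and the commit message should mention that author names were removed.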
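Review bot: In PATCH 4/4, the second hunk makes "Do Not Generalize Findings" require that references note the "commit hash or version number", but the "Required Language" quote that follows (added in PATCH 1/4) has placeholders only for "[specific project/component]" and "[date]"; add a version or commit placeholder there so the mandated wording satisfies the new rule. The two consecutive sentences beginning "They should not be used to assert" can be merged into one.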