First draft of citation guide and updated readme

PUBLICATION.md

@@ -0,0 +1,133 @@
+# Publication Guidelines
+
+The purpose of this guide is to ensure consistency, professionalism, and proper
+attribution in all citations and references to our published reports and
+findings. These guidelines are intended to support both internal and external
+stakeholders in referencing and utilizing our work responsibly.
+
+This guide applies to all materials published by Informal Systems, Inc.,
+including but not limited to:
+
+* Security audit reports
+* Technical whitepapers 
+* Blog posts and technical write-ups 
+* Conference presentations and materials
+* Posts on Twitter, LinkedIn, Farcaster, or other social media sites
+
+By following these guidelines, we aim to:
+
+* Establish a clear and professional citation standard for our work. 
+* Facilitate proper recognition of our contributions to the blockchain security community. 
+* Prevent misuse or misrepresentation of our findings.
+
+These guidelines are not exhaustive but provide a foundation for citing and
+publishing our materials. For specific questions or additional permissions,
+please contact your project manager.
+
+## Citation Format
+
+To ensure proper attribution and consistency when referencing materials
+published by Informal Systems, Inc., please use the following citation format:
+
+**For Security Audit Reports:**
+
+```
+[Author(s)], "[Report Title]," Informal Systems, Inc., [Month Year], available at: [URL]
+```
+
+*Example:*
+
+```
+Jane Doe, "Security Audit Report for ABC Protocol," Informal Systems, Inc., December 2024, available at: https://github.com/informalsystems/audits/blob/main/abc-protocol/2024-06-01%20Audit%20Report%20-%20ABC%20Protocol.pdf
+```
+
+**For Technical Whitepapers:**
+
+```
+[Author(s)], "[Paper Title]," Informal Systems, Inc., [Month Year], available at: [URL]
+```
+
+*Example:*
+
+```
+John Smith, "A Deep Dive into IBC Security," Informal Systems, Inc., January 2024, available at: https://informal.systems/whitepapers/ibc-security
+```
+
+**For Blog Posts:**
+
+```
+[Author(s)], "[Blog Title]," Informal Systems, Inc., [Month Year], available at: [URL]
+```
+
+*Example:*
+
+```
+Alex Johnson, "Five Tips for Writing Secure Cosmos SDK Code," Informal Systems, Inc., November 2024, available at: https://informal.systems/blog/cosmos-sdk-security-tips
+```
+
+Ensure that the citation includes all relevant authors and links to the most
+recent and official version of the publication. If uncertain, please consult
+your project manager.
+
+## Attribution Guidelines
+
+When citing or referencing materials published by Informal Systems, Inc., it is
+critical to ensure accurate and appropriate attribution. Below are the
+guidelines for proper attribution:
+
+- **Do Not Generalize Findings:** Our security audit reports are limited to the specific scope and components reviewed at the time of the audit. They should not be used to assert or imply that an entire codebase or system is secure. Instead, references should explicitly note the scope of the audit as defined in the report.
+
+- **Required Language:** When citing a report, use the following attribution language:
+
+> "This report, prepared by Informal Systems, Inc., provides findings from a security audit conducted on [specific project/component] as of [date]. The findings are limited to the scope outlined in the report and do not imply complete security of the overall system."
+
+- **Proper Credit:** Always attribute Informal Systems, Inc., as the author of the work, and include a link to the original publication to ensure proper context.
+
+- **Avoid Misrepresentation:** Do not use our findings to claim compliance, certification, or complete security of a system unless explicitly stated in the report.
+
+- **Fair Use of Excerpts:** Excerpts from our reports may be used provided they are accurate, not taken out of context, and include proper attribution as outlined above.
+
+These guidelines are designed to preserve the integrity of our work and prevent
+misunderstandings or misuses of our findings. If you have any questions about
+appropriate attribution, please contact your project manager.
+
+## Unacceptable Citation Formats and Consequences
+
+To maintain the integrity of our work, the following citation practices are
+considered unacceptable:
+
+- Implying Comprehensive Security:
+Any citation that suggests Informal Systems, Inc., has certified or guaranteed the complete security of a system or codebase unless explicitly stated in the report.
+
+- **Taking Findings Out of Context:** Selectively quoting findings in a way that distorts the overall conclusions or omits critical nuances.
+- **Omitting Proper Attribution:** Failing to credit Informal Systems, Inc., as the author or not including a link to the official publication.
+- **Using Reports for Endorsements:** Misrepresenting our findings to imply endorsement or approval of a system, product, or organization by Informal Systems, Inc.
+
+### Consequences of Violations:
+
+Before pursuing any consequences, Informal Systems, Inc., will first reach out
+to the individual or organization to request that the citation be corrected
+within 24 hours.
+
+If the violation is not corrected within 24 hours, these guidelines may result
+in the following actions:
+
+- **Public Statement:** Informal Systems, Inc., reserves the right to issue a public clarification to address any misrepresentation or misuse of our reports.
+- **Legal Action:** In cases of severe misrepresentation or unauthorized use, legal action may be pursued to protect our intellectual property and reputation.
+- **Revocation of Permissions:** Individuals or organizations violating these guidelines may lose access to our reports or other published materials.
+
+For questions regarding proper citation practices or to report potential misuse,
+please contact your project manager.
+
+## Conclusion
+
+We at Informal Systems, Inc., are committed to delivering high-quality security
+research and audits that contribute to the safety and robustness of blockchains
+and distributed systems. By adhering to the guidelines outlined in this
+document, you help maintain the integrity and value of our work while ensuring
+proper recognition of our contributions.
+
+Thank you for your cooperation and support in promoting responsible and accurate
+use of our materials. If you have any questions or require further clarification
+on these guidelines, please do not hesitate to reach out to your project
+manager.

README.md

@@ -9,8 +9,10 @@ systems secure and resilient.
 You may read more about our approach at the
 [Security Services page](https://informal.systems/services/security-audits).
 
-## Public Audit Reports
+Please refer to our [publication guidelines](./PUBLICATION.md) before citing or referencing any of
+the reports published in this repository.
 
+## Public Audit Reports
 
 | Audit date(s) | Client | Audit report |
 | ----  | ----  | --- |