GuidelinesDraft

Differences between revisions 5 and 6
Revision 5 as of 2008-03-03 20:00:38
Size: 3374
Editor: c-76-105-157-155
Comment: tweak intro
Revision 6 as of 2008-03-28 18:19:18
Size: 26
Editor: host253-147-dynamic
Comment:
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
= Ubuntu Pentest Code of Conduct (Draft) =

== Introduction ==
"A white hat hacker, also rendered as ethical hacker, is, in the realm of information technology, a person who is ethically opposed to the abuse of computer systems. Realization that the Internet now represents human voices from around the world has made the defense of its integrity an important pastime for many. A white hat generally focuses on securing IT systems, whereas a black hat (the opposite) would like to break into them." ''http://en.wikipedia.org/wiki/Ethical_hacker''

While working in the Ubuntu community, one already follows the Ubuntu Code of Conduct. Those goals include freedom and respect, and we must approach penetration testing with greater caution. We do not want to disrupt the community, and as such, the Ubuntu Penetration Testers Code of Conduct contains strict definitions.

When one agrees to this Code, please GPG sign it and send it to the pentest mailing list.

== Ground Rules ==
This Code of Conduct covers your behaviour as a member of the Ubuntu Pentest
team, in any forum, mailing list, wiki, web site, IRC channel, install-fest,
public meeting or private correspondence. The Ubuntu Community Council will
arbitrate in any dispute over the conduct of a member of the team. In this
document COMPANY refers to Canonical Ltd and its subsidiaries. COMMUNITY
refers to ubuntu.com hosts, subdomains, and related projects.

'''Do no harm.''' Your actions could affect many people and care must be taken
to not adversely affect the COMMUNITY and the COMPANY. Causing a COMMUNITY
and/or COMPANY service or machine to crash, perform suboptimally, or do actions
outside the intended use of the service or machine is strictly prohibited.
If you acquire access to the service or machine outside the scope of its
intended use, all further action related to said access should be immediately
stopped and reported.

'''Be responsible.''' All communications regarding penetration testing on
COMMUNITY and COMPANY computing services must be done on the private
ubuntu-pentest mailing list, and all vulnerabilities must be disclosed
immediately on Launchpad.net with both the security and the private flags
enabled (ie non-public). Under no circumstances should non-public information
about the COMMUNITY or the COMPANY be disclosed in a public forum.

'''Coordinate with others.''' All penetration testing on COMMUNITY and/or COMPANY
computing services must be by approved by and coordinated with a COMPANY
employee or COMMUNITY member responsible for said service.

'''Be private.''' All communications regarding coordination of penetration
testing on COMMUNITY and COMPANY computing services must be done on the private
ubuntu-pentest mailing list. All information regarding a vulnerability on
COMMUNITY and/or COMPANY computing services must be done in the private bug report
on Launchpad.net. Under no circumstances should non-public information about
the COMMUNITY, the COMPANY or a vulnerability be disclosed in a public forum.

'''When you are unsure, ask for help.''' Nobody knows everything, and a lot
of care, thought, and coordination must happen to responsibly conduct
penetration testing. If you find yourself in a situation where you are unsure
of how to proceed, please ask another Ubuntu Pentest member before proceeding.
feel free to write here.

feel free to write here.

UbuntuPentest/GuidelinesDraft (last edited 2008-08-06 16:18:30 by localhost)