Brainstorm

keescook:

• keep vulns private until fixed
• people can be team members if they agree to abide by those guidelines

nxvl:

• not to use dangerous tests, which tools to use
• not to touch anything if you gain access
• not to break anything

mra:

• gpg sign something (guidelines)
• register that you agreed to it (guidelines)

jdstrand:

• gpg signed the contents of an email message
• it's important from a mindset point of view, as well as potentially legal