Below, you will find the Honeynet Project's proposed code of conduct. We invite you to submit comments until 5/1/2012 to [email protected]
Code of Conduct - last updated on 3/31/2012
- We will interact with others in our community with honesty, integrity and respect. This includes considering cultural differences as they relate to both interpersonal relations and when our work may have differing impacts amongst different cultural groups.
- We will use discretion about how we represent ourselves publicly in order to maintain trust within the community and by the general public. We will act in ways we can clearly justify as being worthy of that trust.
- We will consider all stakeholders who may come within the scope of our research activities and consider how they may benefit from, or be harmed by, our actions. (I.e. considering the privacy rights of individuals -- both innocent and suspect -- in publication and data, effects on their computers and data, etc.)
- We will anticipate potential harms that could result from our actions and prepare an incident response process. (E.g., When our actions may have direct noticeable impact on end users who may not be capable of understanding those impacts to be in their interest, we will strive to work with authorities, such as CERTs and service providers, who can act on behalf of impacted users.)
- We will balance benefits and risks, identifying as many benefits and risks as we can reasonably envision. We will consider each risk, regardless of likelihood or magnitude, so we are prepared to answer any charge of acting improperly that is put to us.
- We will be responsible in how we disclose information in order to maximize benefit and minimize harm to affected stakeholders, taking into consideration that both benfits and harms from disclosure may take time to manifest.
- We will seek to understand the laws in our own jurisdictions and respect their role in promoting the public interest. We will try to understand when and how our research efforts and initiatives may fall within the scope of various laws and consider the risks to ourselves and our projects as a whole in how we justify our actions.
- If the above statements do not provide clear guidance, we will fulfill our responsibility by seeking the advice of leaders in our community, an ethics review board, or other trusted independent body, in deciding how to act.