Cybersecurity Style Guide is a useful editing tool

Most people reading this will have partial or passive familiarity with some terminology from programming, information security, and related domains, but they may have just a hazy grasp of how they’re used. What’s the difference between DOS and DoS? Does cold call take a hyphen? Is it a SQL or an SQL? How do you pronounce ASCII? What’s a dictionary attack?*

DoS, cold call, SQL, and ASCII are on the familiar side of digital and infosec jargon. Most industry phrases and abbreviations are more obscure, so they’re not listed in dictionaries. Security consulting company Bishop Fox has done a real service to editors and writers by publishing a modern Cybersecurity Style Guide. The first version, released last month, contains 1,775 entries.

Most entries are not defined – it’s a style guide, not a dictionary, so the focus is on usage. But just browsing the guide helps readers educate themselves on an esoteric but useful lexicon. It’s especially helpful for professional writers and editors, sorting out capitalisation, hyphenation, and similar conundrums. (There’s also straight-up grammar advice, like ‘Use singular they’.)

Linguist and editor Brianne Hughes, who previously featured on Sentence first for the morphological wonders she calls cutthroat compounds, created the Cybersecurity Style Guide with help from her colleagues and introduces it on the company blog:

Our goal here is to give guidance about usage, not to define the terms in detail. Each term in the guide earned its place by being unintuitive in some way:

• It may be a homonym of a non-technical word (front door, Julia, pickling),

• it may be uniquely written (BeEF, LaTeX, RESTful),

• it may not follow a clear pattern (web page vs. website),

• it may have a very specific technical distinction (invalidated vs. unvalidated),

• or its meaning may differ depending on the audience and the day (crypto, insecure, PoC).

Image from Brianne Hughes's presentation (video below) with the heading "Nothing Makes Sense and Everyone Is Confused". There are 3 photos: Steve Buscemi dressed as a teenager, labelled "Outsiders"; Rami Malek in Mr Robot, labelled "Insiders", and between them, Tobey Maguire in Spider-Man 2, grimacing as he tries to stop a train, labelled "translators, editors, tech journalists"

Image from Brianne Hughes’s CactusCon presentation, video below

The editors invite feedback, so a few suggestions follow. Pwn is ‘pronounced “pown”,’ we’re told, but that could rhyme with town or tone. (It’s the latter.) I would add an entry for CamelCase, given its prevalence in the jargon. The entry for doge says ‘Such disputed pronunciation’, but standard grammar is generally avoided in doge: ‘Many disputed pronounce’ would be more apt.

Bishop Fox’s Cybersecurity Style Guide is an excellent and welcome addition to the editing literature and is likely to become increasingly useful as time goes on. You can download the PDF directly here. For a witty, entertaining explanation of the need for the guide, watch Brianne Hughes’s presentation at CactusCon last year (NB: audio quality is poor; audience reactions are louder than the speaker):


* DOS = Disk Operating System; DoS = denial of service. The verb does; the noun doesn’t. ‘Precede with “a,” assuming that the reader pronounces it as “sequel.” Sometimes pronounced as letters.’ ‘Ask-ee’. An automated password-guessing attack.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s