Code of Conduct

This page outlines the Code of Conduct of the InfoSec Handbook, which applies to all contributors and contributions.

Our pledge

We as contributors pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation.

We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community.

Our standards

Examples of behavior that contributes to a positive environment for our community include:

  • Demonstrating empathy and kindness toward other people.
  • Being respectful of differing opinions, viewpoints, and experiences.
  • Giving and gracefully accepting constructive feedback.
  • Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience.
  • Focusing on what is best not just for us as individuals but for the overall community.

Examples of unacceptable behavior in our community include:

  • The use of sexualized language or imagery, and sexual attention or advances of any kind.
  • Trolling, insulting or derogatory comments, and personal or political attacks.
  • Public or private harassment.
  • Publishing others' private information, such as a physical or e-mail address, without their explicit permission.
  • Promoting services or products for financial gains or personal advantages.
  • Other conduct that could reasonably be considered inappropriate in a professional setting.

We remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, and will communicate reasons for moderation decisions when appropriate. We won’t collaborate with third parties that violate our Code of Conduct.

Our content

1. Focus on real-world information security – no outdated theory

We focus on real-world information security. Our professional daily work includes conducting penetration tests, analyzing malware, designing industrial networks, inspecting network traffic, hardening operating systems and applications, creating tools for particular tasks, writing InfoSec policies and guidelines, and much more. The mix of various InfoSec domains ensures that our content reflects the current and future state of applied information security. We do not write about “Textbook RSA,” ten-year-old “best practices,” or security myths.

2. Accurate headlines and content – no clickbait

We strive for accurate headlines and content. When writing an article, we verify our sources and review reference material. Before publishing, another contributor carefully revises the article. We aim to stay neutral by showing the pros and cons of certain solutions.

3. Facts first – no rumors or accusations

We stay with the facts, even if they are boring and don’t result in likes and followers. The InfoSec Handbook doesn’t cover rumors like “Company XYZ hacked?” We don’t accuse third parties of misbehavior as in “Company XYZ violates the GDPR.” We consider spreading rumors and myths or accusing others as unprofessional.

4. Transparent contributions and edits – no hidden changes

We push all changes to a cryptographically signed Git repository. When we update our content, we add a small changelog to the bottom of the post, listing significant changes.


We adapted parts of our Code of Conduct from the Contributor Covenant, version 2.0, available at