🤝 CSOH Code of Conduct
The short version: Be kind, be vendor-neutral, share what you know, and respect everyone's privacy. We're a free, volunteer-run cloud-security community — keep it a place where every member, from first-week learner to twenty-year practitioner, feels welcome.
📍 Where this applies
This Code of Conduct covers every CSOH-organized space, including:
- The weekly Friday Zoom session (presentations, Q&A, chat, breakouts)
- The CSOH mailing list and any email correspondence with organizers
- The GitHub repository — issues, pull requests, discussions, code review
- Any side channel, working group, or event that uses the CSOH name
It also applies to public conduct that materially affects the community (e.g., harassing a CSOH member on another platform).
✅ Expected behavior
- Be welcoming and inclusive. People join CSOH from every career stage and background. There are no dumb questions.
- Be respectful. Disagree on the technical merits without attacking the person.
- Stay vendor-neutral. Share what works and what doesn't — no sales pitches, no veiled marketing, no putting down competitors. Disclose your employer when it's relevant.
- Share knowledge generously. If you've solved something, write it up, drop a link, or volunteer to present.
- Respect privacy. Don't record, screenshot, or repost what someone said in a session without their explicit permission. Sessions are recorded only for the presentation portion, and only when all participants have agreed.
- Credit your sources. When you bring a tool, paper, or technique, link to the original author.
- Help moderate. If something feels off, flag it — to an organizer in private, or via email.
🚫 Unacceptable behavior
- Harassment of any kind — sexual attention, slurs, intimidation, stalking, sustained disruption.
- Discrimination based on race, ethnicity, gender identity or expression, sexual orientation, age, disability, religion, national origin, or any other protected characteristic.
- Doxing — publishing someone's private contact info, employer details, or location without consent.
- Recording or republishing meeting content (chat, video, audio, screenshots) without explicit consent from the people involved.
- Vendor pitches and recruiting spam. Genuine technical discussion of products is fine; sales calls and bulk recruiter DMs to members are not.
- Sharing illegal or harmful material — exploit code targeting systems you don't own, malware, stolen credentials, CSAM, etc.
- Astroturfing or sockpuppeting — pretending to be an unaffiliated user when promoting a product or position.
- Bad-faith engagement. Trolling, derailing, sealioning, or repeatedly ignoring moderator guidance.
🛠️ A note on hands-on security content
CSOH is a security community — we discuss exploits, attacker techniques, and breach reconstructions. That's expected and welcomed. The line is:
- OK: Public CVEs, post-mortems, CTF write-ups, lab environments, defensive techniques, ATT&CK mappings.
- Not OK: 0-days against systems you don't have authorization to test, weaponized payloads aimed at real targets, leaked credentials or data from a real breach.
If in doubt, ask an organizer before sharing.
📢 How to report
If you experience or witness a Code of Conduct violation, please tell us. Reports are handled confidentially by the organizers.
What to include in a report:
- What happened, when, and where (Zoom session date, GitHub thread URL, etc.)
- Who was involved (handle, email, full name — whatever you have)
- Any screenshots, logs, or links that help establish the facts
- What outcome you're hoping for (e.g., a private warning, removal, or just a record)
You can also reach an organizer directly during a Friday Zoom session if email isn't practical.
⚖️ Enforcement
Organizers will review every report and decide on a response, which may include:
- A private conversation and clarification of expectations
- A formal warning
- Temporary or permanent removal from a Friday Zoom session
- Removal from the mailing list
- Loss of contributor access on GitHub
- Reporting illegal conduct to the relevant authorities
Organizers themselves are held to this Code. Reports about an organizer go to a different organizer, or to admin@csoh.org.
🛡️ Protection for reporters
We will not retaliate against anyone who reports a Code of Conduct issue in good faith. False or malicious reports are themselves a Code of Conduct violation.
🙏 Attribution
This Code is informed by the Contributor Covenant and similar community codes from the open-source security world, adapted for CSOH's specific format (live Zoom + mailing list + GitHub).
Last updated: April 25, 2026. Suggestions to improve this Code are welcome — open a GitHub issue or email admin@csoh.org.