Authoring Guidelines and Standards

The purpose of these guidelines is to ensure the production of high-quality, consistent, and impactful publications. Most pieces are authored as collaborative knowledge production efforts within working groups, under the guidance of a chair or technical leader. The topics tend to be specific under the purview of a working group, for instance, “Software Supply Chain Best Practices,” “Secure Software Factory,” or “Open and Secure - A Manual for Practicing Threat Modeling to Assess and Fortify Open Source Security,” but sometimes cover broader themes like cloud native security white papers, the lexicon, and use cases and personas.

We strive for quality over quantity, emphasizing the importance of not duplicating existing materials unless we have something new to contribute or a cloud native perspective to offer. While some of our publications serve as “tour guides” rather than comprehensive handbooks, there is a recognized need for more in-depth books on building security that are regularly updated. These guidelines aim to foster a rigorous, clear, and professional standard for all our publications, ensuring they remain valuable resources for the community.

We intentionally maintain a low-friction, low-barrier approach to publishing to keep these efforts enjoyable and accessible. However, we ask authors to consider these guidelines upfront, as the proofing and editorial work often involves significant effort from volunteers. Unlike professionals at a publishing house, these volunteers juggle these tasks alongside their regular commitments. To ease this burden, we encourage authors to strive for the highest quality in their initial drafts, ensuring clarity, accuracy, and coherence from the start. This consideration helps make the collaborative process more efficient and enjoyable for everyone involved.

For detailed guidelines on creating papers and delivering artifacts, refer to Process for Creating Papers and Publishing Protocols for Project Deliverables .

Initial Publishing Guidelines and Standards

1. Content Quality

  • Relevance: Ensure all content is relevant to the topic and objectives of the publication, as well as the mission of TAG Security.
  • Accuracy: Verify all facts, figures, and citations. Ensure all information is current and correct.
  • Comprehensiveness: Cover the topic thoroughly, providing a clear and complete picture. Avoid unnecessary jargon and ensure the content is accessible to the target audience.
  • Clarity and Coherence: Maintain a logical flow of ideas. Ensure that each section transitions smoothly to the next and that the overall structure supports the document’s objectives.

2. Structure and Organization

  • Title and Abstract: Provide a clear, concise title and abstract that summarize the main points and objectives.
  • Sections and Headings: Use clear and descriptive headings. Ensure that the document is divided into well-defined sections (e.g., Introduction, Background, Core Concepts, Implementation, Case Studies, Conclusion).
  • Introduction: Offer a compelling introduction that outlines the purpose and scope of the document. For really short documents, like blog posts, a dedicated introduction section might be skipped, but at least an introductory paragraph is generally recommended.
  • Conclusion: Summarize key findings and provide actionable recommendations or next steps.

3. Writing Style

  • Tone: Maintain a professional and objective tone throughout the document.
  • Clarity: Write in clear, concise language. Avoid ambiguity and redundancy.
  • Consistency: Ensure consistency in terminology, abbreviations, and formatting.

4. Technical Accuracy

  • Terminology: Use industry-standard terminology correctly. Provide definitions for any specialized terms or acronyms.
  • Examples and Diagrams: Include relevant examples and diagrams to illustrate key points. Ensure that all visuals are clearly labeled and referenced in the text.

5. Technical Rigor

  • Depth of Analysis: Provide in-depth analysis and discussion of the topic. Ensure that technical concepts are explained thoroughly and accurately.
  • Methodology: Clearly describe the methodologies and frameworks used. Ensure that the approaches are scientifically sound and justified.
  • Evidence and Data: Support arguments with robust evidence and data. Include empirical data, case studies, or examples to substantiate claims.

6. References and Citations

  • Source Quality: Use reputable and reliable sources. Ensure that all references are properly cited.
  • Citation Format: Adopt a consistent citation style (e.g., APA, IEEE). Include a comprehensive references section at the end of the document.

7. Review and Revision

  • Peer Review: Submit the document for peer review by knowledgeable individuals within the community. Specifically, documents should be posted to the #tag-security channel for feedback. Incorporate feedback and revisions as needed.
  • Proofreading: Conduct thorough proofreading to eliminate grammatical, typographical, and formatting errors.

8. Formatting and Presentation

  • Document Layout: Use a clean and professional layout. Ensure consistent use of fonts, headings, and spacing.
  • Figures and Tables: Number all figures and tables sequentially. Provide clear captions and ensure they are referenced in the text.
  • Appendices: Include appendices for supplementary material that supports the main content without interrupting the flow.

Example Rubric for Evaluation

CriteriaExcellentGoodFairPoor
Content QualityThoroughly covers topic, highly accurate, very relevantCovers topic well, mostly accurate, relevantPartially covers topic, some inaccuracies, somewhat relevantLacks coverage, many inaccuracies, irrelevant
Structure & OrganizationClear, logical structure, well-defined sectionsMostly clear structure, sections somewhat definedSomewhat disorganized, sections not clearly definedDisorganized, sections poorly defined
Writing StyleClear, concise, professional, consistent toneMostly clear and concise, professional toneSome clarity issues, inconsistent toneUnclear, redundant, unprofessional tone
Technical AccuracyAccurate use of terminology, well-explained conceptsMostly accurate, some terms not well explainedSeveral inaccuracies, many terms not explainedMany inaccuracies, terms used incorrectly
Technical RigorIn-depth analysis, robust methodology, strong evidenceGood analysis, sound methodology, adequate evidenceSome analysis, basic methodology, limited evidenceLacks depth, weak methodology, insufficient evidence
References & CitationsHigh-quality sources, properly citedGood sources, mostly properly citedMixed source quality, some citations missingPoor sources, many citations missing
Review & RevisionThorough peer review, all feedback addressedPeer review done, most feedback addressedLimited review, some feedback addressedNo review, feedback not addressed
Formatting & PresentationProfessional layout, consistent formattingMostly professional, minor formatting inconsistenciesSome formatting issues, layout not fully professionalPoor layout, many formatting issues