There are only four mandatory canons in the code. By necessity, such high-level guidance is not intended to be a substitute for the judgment of the hacker.

Additional guidance is provided for each of the canons. While this guidance may be considered by the CAU Certification Review Board (CAUCRB) in judging behavior, it is advisory rather than mandatory. It is intended to help hackers identify and resolve the inevitable ethical dilemmas that they will confront during the course of their information security career.

Code of Ethics Preamble:

• Duty to the hacker community, and to each other requires that we adhere, and be seen to adhere, to absolutely no standards of behavior at all.
• Therefore, strict adherence to this Code is a condition of certification, or not.

Code of Ethics Canons:

• Protect your shit, your group, and your infrastructure.
• Act honorably, deceptively, justly, and on occasion irresponsibly.
• Provide diligent and competent research and tools to our community.
• Advance and protect the hacker community and it's culture.

The following additional guidance is given regarding pursuit of these goals.

Objectives for Guidance
In arriving at the following guidance, the CAUCRB is mindful of its responsibility to:

• Give guidance for resolving good versus good and bad versus bad dilemmas.
• To encourage hacker behavior such as:
• Research
• Teaching
• Hazing
• Identifying, mentoring, and sponsoring candidates for the certification
• Valuing the certificate
• Dumpster Diving
• Social Engineering
• Professional association with non-professionals
• Associating or appearing to associate with criminals or criminal behavior
• To discourage such behavior as:
• Giving unwarranted comfort or reassurance
• Consenting to bad practice
• Providing bad or inaccurate research to the community (except on April 1st)

These objectives are provided for information only; the hacker is not required or expected to agree with them. In fact, we prefer it if you have your own damn opinion.

In resolving the choices that confront him or her, the hacker should keep in mind that the following guidance is advisory only.

Compliance with the preamble and canons is mandatory. Conflicts between the canons should be resolved in the order of the canons. The canons are not equal and conflicts between them are not intended to create dilemmas.

Protect your shit, your group, and your infrastructure

• Lock down and protect your boxes, your information, etc!
• Back up your homies and protect their shit!
• See bullet #1 and apply that to your network infrastructure.

Act honorably, deceptively, justly, on occasion, irresponsibly

• To tell the truth, this really depends on who you're interacting with, and we make no claims to know how to behave in any particular situation.
• In fact, you can completely disregard this canon.

Provide diligent and competent research and tools to our community

• Don't release bullshit papers or advisories, make sure your shit is d0pe-tight before release.
• Use your own discrecion in regards to when to disclose potentially harmful information (fuck "Responsible Disclosure", you know what's best for Corporation X)
• Tools and working code make research that much better.

Advance and protect the hacker community and it's culture

• Viva La Underground!
• Attend community conferences like DefCon, ToorCon, ShmooCon, etc.
• Be sure to injure the reputation of hard-core white-hats through malice or indifference.
• Maintain your competence; keep your skills and knowledge current.