Ethics & Responsible Use
RedOracle is committed to the highest standards of ethical conduct, professional responsibility, and authorized security work. Our principles guide every engagement, resource, and service we provide.

Code of Ethics
RedOracle members and affiliates are expected to uphold the following principles in all professional activities:
- Perform all professional activities and duties in accordance with applicable laws and the highest ethical principles
- Promote generally accepted information security best practices and standards
- Maintain appropriate confidentiality of proprietary or otherwise sensitive information encountered in the course of professional activities
- Discharge professional responsibilities with diligence and honesty
- Refrain from any activities which might constitute a conflict of interest or otherwise damage the reputation of employers, the information security profession, or the public trust
- Not intentionally injure or impugn the professional reputation or practice of colleagues, clients, or employers
Responsible AI in Security Workflows
RedOracle uses AI-assisted workflows to improve organization, summarization, documentation, and prioritization in selected security processes. AI is a tool that supports efficiency and consistency; it is not a substitute for professional judgment, authorization, or ethical responsibility.
AI supports the process. Expertise guides the outcome.
AI Usage Principles
Human Oversight: Every AI-assisted output that informs client-facing conclusions is reviewed by qualified security professionals. AI never makes autonomous security decisions.
Authorized Scope: AI-assisted workflows operate only within the defined scope of each engagement. AI does not expand testing boundaries, access unauthorized systems, or perform actions beyond what is explicitly approved.
Confidentiality: Data processed through AI-assisted workflows is handled with the same strict confidentiality standards applied to all RedOracle work. Client data is not used to train external AI models.
Responsible Research: AI assists in organizing and summarizing publicly available security information. RedOracle does not use AI to generate exploits, automate attacks, or create offensive tools.
No Harmful Automation: AI is not used to autonomously exploit vulnerabilities, scan targets without authorization, or perform any action that would require human judgment and explicit approval.
Transparency: Clients are informed when AI-assisted workflows play a material role in analysis or documentation. We are transparent about the role and limitations of AI in our processes.
Data Protection: Client information, assessment data, and sensitive findings are protected from unauthorized AI processing. AI tooling is selected and configured with data protection as a primary requirement.
Professional Accountability: RedOracle professionals remain fully accountable for all deliverables, conclusions, and recommendations, regardless of whether AI-assisted workflows were used in preparation.
Authorized Use
All RedOracle services, resources, and tools are intended exclusively for authorized security work. This includes:
- Security assessments conducted with explicit written authorization
- Infrastructure hardening within owned or authorized environments
- Defensive monitoring of networks and systems you own or operate
- Research and education for legitimate security purposes
- Use of reference materials (password databases, vendor references) only for authorized assessments
RedOracle does not condone, support, or facilitate unauthorized access to systems, networks, or data. Use of any RedOracle resource for unauthorized purposes is a violation of our terms and ethical standards.
Professional Standards
Our work is guided by recognized frameworks and standards including:
- OWASP: Application security testing and verification standards
- NIST: Risk management, cybersecurity frameworks, and assessment methodologies
- ISO 27001: Information security management system requirements
- PCI DSS: Payment card industry security assessment standards
- PTES: Penetration Testing Execution Standard
- OSSTMM: Open Source Security Testing Methodology Manual
Responsible Disclosure
When RedOracle discovers vulnerabilities in third-party products or services during the course of authorized work or research, we follow coordinated disclosure practices:
- The vulnerability is reported privately to the vendor or service provider
- Reasonable time is provided for remediation before any public disclosure
- Disclosure is handled in a manner that minimizes risk to users
- We do not disclose vulnerabilities for notoriety, commercial gain, or competitive advantage
Commitment to the Security Community
RedOracle contributes to the security community through:
- Curated open-source security resources and references
- Educational content and technical documentation
- Responsible research and intelligence sharing
- Support for open security standards and frameworks
- Ethical knowledge transfer and professional development