###########################################################################
#                   Honeynet Research Alliance Charter                    #
#                                   by                                    #
#                     The Honeynet Research Alliance                      #
###########################################################################

Last Modified: 15 May, 2006

1.0 PURPOSE
===========
Outline what the Honeynet Research Alliance is, its goals, requirements,
and how it operates.

2.0 SUMMARY
===========
The Honeynet Research Alliance is a trusted forum of other honeypot
research organizations. Member organizations of the Honeynet Research
Alliance are not part of The Honeynet Project. Instead, they are their own
independent entities. These organizations subscribe to the Alliance for
the purpose of researching, developing and deploying honeypots and sharing
the lessons learned. The goal of the Alliance is to bring together
organizations actively involved in honeypot research. Its primary means of
communication is a closed maillist.

3.0 STEERING COMMITTEE
=======================
The Alliance is guided by the Steering Committee.
3.1 The SC is made up of 5 members; each member must belong to an Alliance
    organization. No two members may belong to the same organization.
    Elections happen in January of every year.
3.2 Each member serves a two-year term.
3.3 The SC helps develop policy, which is then reviewed by Alliance
    members.

4.0 REQUIREMENTS
================
Any organization may apply to the Honeynet Research Alliance as long as
they meet the following requirements.
4.1 They are a legitimate or recognized organization. By legitimate we
    mean an entity that other people can join.
4.2 They have developed and deployed or are in the process of developing
    and/or deploying honeypots.
4.3 Must have a designated representative to represent the organization
    for the Honeynet Research Alliance.
4.4 Organizations must agree to follow the Honeynet Definitions,
    Requirements and Standards documentation, located at
    http://www.honeynet.org/alliance/.
4.5 Must maintain a webpage or website summarizing their contact
    information and research.
    o Who you are (organization)
    o Contact information, including email and PGP key
    o Types of technologies you are building and overview of how
    o How long your honeypot(s) have been deployed
    o What you hope to learn
    o What you have learned
    o Section for bi-annual status reports.
4.6 Organization must have a PGP key.
4.7 Organizations are encouraged to review with legal counsel any legal
    issues that may exist for their organization or environment. The
    Honeynet Project has not confirmed what legal issues exist with
    honeypot technologies.
4.8 Organizations that deploy honeypots and related technologies for data
    capture must use passive means. No active means of data capture are
    acceptable under the Alliance.
4.9 Organizations are expected to play an active role in the Alliance.
    Organizations will be reviewed by the Steering Committee every six
    months. An organization that is not taking any active role will be
    given a warning. After three months of inactivity, the organization
    will be asked to step down from the Alliance.

5.0 MEMBERSHIP
==============
The following process is used to review and accept new member
organizations.
5.1 Member organizations must review and agree to the requirements set
    forth in section 4.0.
5.2 Prospective member organization sends in request to join to .
5.3 Request is reviewed by Steering Committee.
5.4 If accepted, new member organization is on probation status for six
    months.
5.5 At the end of that six-month period, probation member organization is
    reviewed by the Steering Committee to determine if they have been
    actively contributing. If so, they are given full, active membership.
    If not, they are removed from the Alliance.

6.0 STATUS REPORTS
==================
A status report is documentation sharing with the community what and how
you have contributed to the community.
The purpose of status reports is so others can learn from your work and
findings. Status reports are due twice a year, at the end of March and
September. Each site will have a link from its home page to status
reports. Each status report will follow the format below. Organizations
are not expected to contribute in all the ways listed below, but are
expected to actively contribute.

--- Begin Status Report Format ---

1.0 DEPLOYMENTS
================
1.1 Current technologies deployed. Describe anything that you have
    deployed that is collecting information, including honeynets, client
    honeypots, honeyd, mwcollect, or anything else honeypot related.

2.0 FINDINGS
=============
2.1 Highlight any unique findings, attacks, tools, or methods.
2.2 Any trends seen in the past six months.

3.0 LESSONS LEARNED
===================
3.1 What new positive things can you share with the community, so they
    can replicate your success?
3.2 What new mistakes can you share with the community, so they don't
    make the same mistakes?
3.3 Are there any research ideas you would like to see developed?

4.0 TECHNOLOGY
=======================
4.1 What tools or functionality are we lacking, what do we need to work
    on?
4.2 What new tools or technology are you working on?
4.3 Would you like to integrate this with any other tools, or are you
    looking for help or collaboration with others in testing or
    developing the tool?

5.0 PAPERS AND PRESENTATIONS
============================
5.1 Are you working on any papers to be published, such as KYE or
    academic papers?
5.2 Are you looking for any data or people to help with your papers?
5.3 Where did you publish/present honeypot-related material?

6.0 ORGANIZATIONAL
==================
6.1 Changes in the structure of your organization.
6.2 Your feedback on Alliance activities.
6.3 Any suggestions for improving the Alliance?

7.0 GOALS
=========
7.1 Which of your goals did you meet for the last six months?
7.2 Which of your goals did you not meet for the last six months?
7.3 Goals for the next six months

8.0 MISC ACTIVITIES
====================
8.1 Anything else not covered you would like to share.

--- End Status Report Format ---

7.0 RESEARCH ALIAS
===================
The [Alliance] maillist provides a closed-participation, non-moderated
forum for organizations actively researching and/or deploying Honeynets.
Discussion is focused on Honeynet research, deployment, management, and
analysis methodology.
7.1 Limit of two accounts per organization on the alias.
7.2 When an organization first joins the Alliance, they are expected to
    send the list a letter of introduction explaining:
    o Who they are
    o What they hope to learn
    o What they hope to contribute to the security community
    o Technical details on their honeypot or planned honeypot deployment.
7.3 Discussion is limited to honeynet research, development, deployment,
    management, analysis, and findings.