Brass richtlines
This document is still a work-in-progress, until this disclaimer is removed StudSec does not officially endorse, support or otherwise approve of brassing in the way this document outlines or otherwise.
Overview
'Brassing' is a traditional student activity in which items or (certain) people are stolen from their student association and ransomed bank with a letter (referred to as a 'bras brief'). This letter announces to the association what item or person was stolen, and lists the demands the association is deemed to meet in order for the return of the individual/item. The tradition of brassing has been established as a way to strengthen the bonds between sister associations (referred to as 'verbroedering').
The guidelines outlined in this document are not binding, but are setup to ensure brassing is considered a positive interaction for all parties involved. They are roughly based on existing guidelines, which can be found here.
It should be noted that these guidelines apply both to members of StudSec seeking to bras, as well as other associations seeking to bras from StudSec.
Rules
- Firstly consider why you wish to bras and who. The goal of brassing is to strengthen existing bonds. These bonds may be because of an existing (friendly) rivalry between your association and StudSec, because of a shared location (the VU or Amsterdam) or because of existing friendships.
- Brassing happens on the same level, this means that a dispuut or committee does not bras from a board or vice versa. A board may enlist the help of their association members when conducting an attempt at brassing but this action must be fully supported by initiating board.
- Ensure that everyone that will bear the consequences of your bras action is aware of this. This means that the board is not responsible for any bras action initiated by members unless they give prior approval. Similarly, if a board has conducted a bras they should inform their association of this.
- Do not abuse sincere hospitality, if you are somewhere on invitation, or given digital access to a system for friendly reasons, do not use the opportunity to bras. Constitutie Borrels (COBO) and Dies/Lustrum Borrels are an exception to this.
- Be aware that not all your demands may be met, in this case both parties should try to come to a friendly compromise.
- Do not let the consequences of brassing continue after the demands have been met. Should any hard feelings remain after this make sure to voice these and take steps to ensure that it is resolved going forward. Brassing is meant to strengthen existing bonds, not damage them.
- Brassing of objects
- Only association objects may be brassed. These are objects that belong to the association, have a high emotional or formal value but notably do not have a significant financial value.
- When an object is brassed responsibility must be claimed within 24 hours, this may be done by mail, phone call, video or other creative means.
- Do not lose or damage the brassed object. Should this happen make sure to communicate this to the association from which you brassed and seek a suitable solution together.
- It is permitted to modify or decorate the brassed object as you deem fit, do note that this may not be done in an irreversible way or a way in which the object my no longer be used for its origional function.
- Brassing of individuals
- Only board members of StudSec may be brassed, this may only be done during a Cobo or Diebo. The board member should be able to continue in their function at the event after the brass attempt (success or failure).
- For brassing of members of other associations members of StudSec should check with the bras guidelines of their target association.
- Brassing of IT infrastructure
- Being a cyber security focused association, StudSec allows for and encourages the brassing of its IT infrastructure. However, to ensure GDPR and operational compliance there are some rules that should be adhered to. Note that these rules only apply to StudSec infrastructure, and may under no circumstances be used to justify attacking other infrastructure.
- Do not cause permanent damage, this includes the deletion of data (including the logs you might have generated getting access). A competent sysadmin should be able to revert your access within 15 minutes.
- Do not interfere with the functionality of the targeted systems, at no point should a system break or go offline due to your actions.
- Do not access or extract sensitive information, this includes:
- Any information related to StudSec members
- The database of ctf.studsec.nl or any other database that can reasonably be assumed to contain person-related information
- API keys or other credentials
- When defacing a website take care to not to ruin the image of StudSec, it should not discourage any potential members or sponsors from being interested in StudSec.
- Should any of the above accidentally happen please immediately take up contact with board@studsec.nl
No Comments