Prometheus was no god.
That's something that many people forget or do not understand. He was neither a god nor a man, but made of older stuff. He was a titan.
When Gaia and Uranos mated, they made many children. The hecatoncheires, the cyclopses, and a dozen other monsters that roamed the earth. Each one, Uranos imprisoned back inside Gaia, all of them, until she bore the titans, whom he was pleased to look upon.
Mind you, his son Saturn later castrated him and usurped him at Gaea's urging, but this was the way of things for the Greeks.
When Zeus later rose up against the titans and their cruel reign, only a handful of the titans fought with the gods. Themis and Prometheus. The gods were later successful.
It would be foolish to claim that Prometheus was the sole originator of their victory, and I will not do so, though many of the ancient authors did. Prometheus fought, after all, for selfish reasons.
Men.
Prometheus granted writing, science, farming, medicine, and math to the humans, his children. The gods granted suffering and demanded sacrifices. When did Prometheus ever ask for a burnt carcass in his honor?
Men were one of his creations, you see. He wanted them kept safe and strong and viable. He wanted them to be blessed by the gods and looked after. Zeus was angered when he stole fire, and had him chained to a rock to have his liver eaten by an eagle each day.
Just as Prometheus stole fire from the gods, so too do we wrest the secrets from the universe daily. How mystical and magical must fire have been at one time. How dangerous and unbelievable. Could you imagine if the only source for something, the only thing you could relate it to, was a star?
How unbelievable it must have been to the ancient Greeks. And now? A trivial thing. A trivial thing once deified.
Such is the way of all great magics. Such is the way of all great works. Such is the way of all unknown things.
With study and intuition, the mystical becomes common. No sacrifices are needed, and no blood is given. The doors of the universe are opening to us ever further.
Let us step through.
— From the Prometheus Labs Hiring Packet, circa 1982, written by [REDACTED]
Prometheus Labs, Incorporated was a private, for-profit conglomerate that was based around scientific research and development. Founded in 1892, the company focused exclusively on researching and developing anomalous technology for commercial and private sale. Prior to the events of [DATA EXPUNGED] in 1998, Prometheus Labs was considered to be one of the most prolific competitors of the Foundation. It had a large public profile as a purveyor of high-quality electronic, medical and pharmaceutical, automotive, optical, and industrial goods produced from anomalous research. Prometheus Labs also had classified contracts from various worldwide militaries, primarily the United States. It developed numerous specialized technologies for these groups, aimed at enhancing their military capabilities, such as [REDACTED].
Prometheus Labs was affiliated with most of the major Groups of Interest, having engaged in lawsuits with Wondertainment Industries, purchased objects from Marshall, Carter, and Dark, worked with the Church of Maxwellist Writ to develop brain-machine interfaces, designed low-cost food alternatives for the Manna Charitable Foundation, sold tools and supplies to Are We Cool Yet?, the Global Occult Coalition, and the Chaos Insurgency, and waged industrial espionage against GRU Division "P". Prometheus Labs was neither openly antagonistic nor helpful to the Foundation. The Foundation offered to design custom containment protocols for Prometheus Labs' more volatile objects, but was declined.
Following [DATA EXPUNGED] and the resulting coverup, many of the projects in development were seized by the Foundation, and surviving personnel taken into the Foundation's employment. It is believed that other Groups of Interest also stole projects and research from other facilities. Prometheus Labs had numerous networks, branches, affiliates, and offices around the world. Although all of these locations had generalized work, they were primarily dedicated to individual specialized fields of research. For instance, the Prometheus Labs branch in Kolkata focused on optical research with lasers, while the New Mexico facility was dedicated to computer sciences. Prometheus Labs also had more esoteric facilities, such as a laboratory in the Marianas Trench that researched planetary engineering. Certain documents indicate the existence of a fully self-sustained facility on Mars which studied nuclear physics and quantum mechanics, and a facility constructed in the Jurassic period that researched genetic engineering (these facilities have yet to be located).
Prometheus Labs is first and foremost a research and development corporation. There are many problems that we are working to solve, but as a for-profit company, there are limited funds available to solve them. Therefore, Prometheus Labs must prioritize funding for those projects and research that we feel deserve it.
However, we pride ourselves on the independent research performed by our world-class scientists. Products such as the mental web and teleportation were developed by researchers working on their vacation days. For this reason, Prometheus Labs has instituted a policy of independent research for eight hours per week. We have also provided this proposal request form. In the event that you wish to pursue an independent avenue of study full-time, please fill out this form and submit it to Human Resources. Please allow two to four days for processing.
GRANT REQUEST FOR [INSERT PROJECT HERE]
Do not give your project a special name. Name it based on what it is: a grant request for a scientific question.
PROBLEM
What are you trying to achieve? What problem are you trying to solve?
Explain the issue in great detail. Make it clear why this is a problem that Prometheus Labs should work on.
SOLUTION
Explain the proposed technology solution. How exactly does it work? What does it do to solve the problem? What is the technology and/or the research behind the proposal that supports its viability? What are the benefits of the technology and/or research? Bibliographies recommended.
BUSINESS CASE
Who will purchase or use this product or knowledge? Give demographics (age group, ethnicity, economic class, etc.). List potential markets. If it is a product, what makes this product different from similar products already on the market? What makes it a more appealing choice? How will the use and/or sale of this research and/or technology benefit Prometheus Labs or scientific knowledge?
USE OF FUNDING
You are asking for funding to support development and research of this concept. What will the funds go into? What will they be used for? What will the funds purchase? Who will they hire? Give a timetable for expected lengths of work and dates of completion, a list of materials and tools to be used for the project, a list of necessary contractors, and the price ranges for all.
KNOWN ISSUES
What are the major stumbling blocks to the adoption, widespread use, and/or profitability of this research and/or technology? Known bugs, difficulties in bringing to market, project failures, etc. How can these issues be fixed?
This is a very heavily watered-down format of actual grant proposals and various engineering competitions I've entered. Prometheus Labs is a company with limited funds. Therefore, it must select only the best and most well-thought-out projects to fund. The problem and solution are self-evident. The business case is basically justifying the creation of the object and whether or not there is a plan to make it work. The use of funding is to make sure that the money poured into the project actually goes to good use. The known issues are a pragmatic way to make sure that this product actually has a future, and that its creator is thinking ahead.
You don't need a bibliography, but it would definitely enhance it.
This format is basically another perspective on SCP objects that Prometheus Labs made. They were designed with a commercial purpose in mind. What was that purpose? What was it intended for? Who was it intended for?
The format is basically asking you "why would this object be created in the first place?"
It may be more difficult to use this to create a story than you are used to, but it also offers a unique perspective on an SCP: that of its creator.
There is only one thing that needs to be kept in mind when using this format: the road to hell is paved with good intentions.
Overall Structure
The basic template for a Redzone Security Advisory is as follows. Each section is explained under its own heading below.
[Header Block]
----
++ Summary
++ Affected Products
++ Indicators of Compromise
++ Workarounds
++ Fixed Software
++ Exploitation and Public Disclosure
++ Source
The Header Block
To create the header block for a Redzone Security Advisory, include the redzone-advisory component, with the following parameters:
- title (optional)
  - The title given to the vulnerability, for ease of referencing it. This should be the same as the page title.
- id (required)
  - The vulnerability ID number. This always takes the following form: redzone-sa-12345678-2-to-3-word-summary. This should also normally correspond to the page URL, which should take this form: www.scp-wiki.net/redzone-sa-12345678.
- updated (optional)
  - The date when this advisory was last updated. Omit this parameter if it is the same as the publication date.
- published (optional)
  - The date on which the first version of this advisory was published.
- version (optional)
  - The advisory version number indicating the number of times this advisory has been updated. Use two-position version numbers starting from 1.2 for the second version. If this is the first version, omit this parameter.
- final (optional)
  - Whether or not this is considered the 'final' version of the document; defaults to true. If you are describing a vulnerability for which there is not yet a fix, or which for some other reason is not 'final', set this to false.
- impact (required)
  - The CVSS Base Score for this vulnerability, a number ranging from 0.0 for not a vulnerability, to 10.0 for an extremely bad vulnerability. You can calculate this by entering its details into this CVSS calculator tool, or you can just guess.
- worknd (optional)
  - Whether or not there are workarounds for this vulnerability, short of updating to a fixed version. Defaults to false. If there are workarounds, make sure to set this parameter to true.
- bugs (required)
  - The internal bug ID numbers of the bugs that resulted in this vulnerability. ID numbers should be of the form RZux12345. Separate multiple numbers with a newline.
- cve (optional)
  - The Common Vulnerabilities and Exposures (CVE) number(s) that refer to this vulnerability. CVE numbers have the form CVE-year-digits, where digits is four or five digits long. (Technically they can be longer, but that is unusual.) Make sure to search the CVE database first to make sure that the number(s) you pick are not in use. Note that numbers from the current year may still be assigned, however. Separate multiple numbers with a newline.
- cwe (optional)
  - The Common Weakness Enumeration number(s) that are involved in the vulnerability. CWE numbers have the form CWE-123. Make sure that any CWE numbers you list actually correspond to the appropriate weaknesses. You can kinda-sorta use this site to look up the correct CWE numbers, but the site is mostly unusable and the CWE system is even more complicated than the SCP Foundation tag system. If you want help finding the right CWE numbers, send a wikidot PM to AJMansfield and he will help you find the right CWE numbers. Separate multiple numbers with a newline.
Here is an example of a fully-parameterized instance of the redzone-advisory component:
[[include component:redzone-advisory
|title=Redzone Thingamajig Server Cromulator Vulnerability
|id=redzone-sa-12345678-thingamajig-cromulator
|updated=2005-01-01
|published=2004-01-01
|version=1.9
|final=false
|impact=7.0
|worknd=false
|bugs=RZux12345
RZux23456
|cve=CVE-1234-5678
CVE-1234-6789
|cwe=CWE-123
CWE-234
]]
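As an added example (not part of the original guide or of the redzone-advisory component itself), the following Python sketch parses a header block and checks it against the parameter rules listed above. The regular expressions are inferred from the guide's sample values; the exact digit counts for the advisory ID and bug IDs, and the one-decimal form of the impact score, are assumptions.

```python
import re

# Constructed header block modelled on the guide's example, trimmed for brevity.
SAMPLE = """[[include component:redzone-advisory
|id=redzone-sa-12345678-thingamajig-cromulator
|published=2004-01-01
|final=false
|impact=7.0
|bugs=RZux12345
RZux23456
|cve=CVE-1234-5678
|cwe=CWE-123
]]"""

REQUIRED = ("id", "impact", "bugs")
# Patterns inferred from the guide's examples; digit counts are assumptions.
FORMATS = {
    "id": r"redzone-sa-\d{8}(-[a-z0-9]+){2,3}",  # 2-to-3-word summary
    "impact": r"10\.0|\d\.\d",                   # 0.0 through 10.0
    "bugs": r"RZux\d{5}",
    "cve": r"CVE-\d{4}-\d{4,}",                  # four or more digits
    "cwe": r"CWE-\d+",
}
FORMATS.update({k: r"\d{4}-\d{2}-\d{2}" for k in ("updated", "published")})
FORMATS.update({k: r"true|false" for k in ("final", "worknd")})

def parse_include(text):
    """Return {param: [values]}; a line without a leading '|' continues the previous param."""
    params, current = {}, None
    for line in text.strip().splitlines()[1:]:
        line = line.strip()
        if line.startswith("|") and "=" in line:
            current, value = line[1:].split("=", 1)
            params[current] = [value.strip()]
        elif current and line and line != "]]":
            params[current].append(line)
    return params

def validate(params):
    """Return a list of problems; an empty list means the header is well-formed."""
    errors = [f"missing required parameter: {k}" for k in REQUIRED if k not in params]
    for key, pattern in FORMATS.items():
        for item in params.get(key, []):
            if not re.fullmatch(pattern, item):
                errors.append(f"bad {key} value: {item}")
    return errors

if __name__ == "__main__":
    print(validate(parse_include(SAMPLE)) or "header OK")
```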
If you want to make a security advisory from some other company, that is also possible, using the redzone-advisory-base component instead of the redzone-advisory component. This allows you to specify two additional parameters:
- logo (required)
  - Specify the path for another image to use, instead of the Redzone Security logo at the top.
- color (required)
  - The color code to use for all colored highlights. In most cases you should set this to the dominant color of the logo, but you should make sure that it has enough contrast with the page background first. You can do that using this WCAG Contrast Checker tool. Ideally all 6 circles should turn green when you input your color in the "fg" box, although 5 out of 6 is usually good enough.
Additionally, all previously optional parameters need to be specified when using redzone-advisory-base; to omit a piece, put false as the parameter value.
Summary
This section is intended to give a technical summary of the vulnerability. This can contain a number of different things, such as:
- How the vulnerability works.
- What causes the vulnerability.
- How someone might try to exploit the vulnerability.
- Anything else that doesn't fit somewhere else.
Think of this as analogous to the description of an SCP article, except don't directly state what anomalous effects it has - that goes later, in the Indicators of Compromise section.
Affected Products (optional)
This section details exactly which of Redzone's products are affected by this vulnerability. In most cases, this is most easily done using a table, like this:
Vulnerable Product | Fixed In:
Redzone Cromulator 3000 Series | 1.2.3
Redzone Thingamajig Server | 2.3.4
To do that, use this code:
||~ Vulnerable Product ||~ Fixed In: ||
|| Redzone Cromulator 3000 Series || 1.2.3 ||
|| Redzone Thingamajig Server || 2.3.4 ||
Keep this section short, though - this is only here for verisimilitude, and going on for pages and pages about what products are affected is probably more verisimilitude than readers will be willing to read. In some cases it may be appropriate to omit this section entirely.
Indicators of Compromise
This is probably the most important section for the article, in that it describes what sort of anomalous effects the vulnerability might cause. Think of this as analogous to the part of the description in an SCP article where you do the big reveal about the anomaly.
Workarounds (optional)
State any measures that a Redzone customer might take to mitigate the risk or otherwise contain the vulnerability. Think of this as analogous to the containment procedures of an SCP article.
If no workarounds exist, this section may be omitted.
Fixed Software (optional)
If there is any reason that the Foundation might not be able to fix this problem by upgrading to a newer version, state these reasons here.
This section may be omitted or replaced with standard boilerplate as needed, for example: "When considering software upgrades, customers are advised to consult the Redzone Security Advisories and Responses archive and review subsequent advisories to determine exposure and a complete upgrade solution."
Exploitation and Public Disclosure (optional)
This is the part where you can describe what effect this bug actually had on Redzone's clients. If it caused everything to go to hell, say so. Also describe how widely known the vulnerability was before this document was published.
This section may be omitted or replaced with standard boilerplate as needed, for example: "The Redzone Security Incident Team (RSIT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
Source (optional)
Here you can give a background or timeline of how this vulnerability was discovered. This section may be omitted or replaced with standard boilerplate as needed, for example: "This vulnerability was discovered by Redzone during internal security testing."