Open Source Software Terms

  • ACID (Atomicity, Consistency, Isolation, Durability): A set of properties of database transactions intended to guarantee data validity despite errors, power failures, and other mishaps.
  • Agile Methodology: Agile methodology is a type of project management process, mainly used for software development, where demands and solutions evolve through the collaborative effort of self-organizing and cross-functional teams and their customers.
  • Algorithm: An algorithm is a set of instructions designed to perform a specific task.
  • Apache License: A permissive free software license written by the Apache Software Foundation.
  • API (Application Programming Interface): An API is a set of rules that allow programs to talk to each other. The developer creates the API on the server and allows the client to talk to it.
  • Artificial Intelligence (AI): The simulation of human intelligence processes by machines, especially computer systems.
  • Augmented Reality (AR): An interactive experience of a real-world environment where objects residing in the real world are enhanced by computer-generated perceptual information.
  • Backend: The back end is where the technical processes happen, as opposed to the front end, which is usually where the user’s interaction occurs.
  • Behavior-Driven Development (BDD): Behavior-driven development (BDD) is an Agile software development process that encourages collaboration among developers, QA and non-technical or business participants in a software project.
  • Big O Notation: Big O notation is a mathematical notation that describes the limiting behavior of a function when the argument tends towards a particular value or infinity.
  • Blockchain: A system of recording information in a way that makes it difficult or impossible to change, hack, or cheat the system.
  • BSD License: A family of permissive free software licenses, imposing minimal restrictions on the use of software.
  • CAP Theorem: A principle that states that a distributed data store cannot simultaneously provide more than two out of three of the following guarantees: Consistency, Availability, and Partition Tolerance.
  • Cloud Computing: Cloud computing is the on-demand availability of computer system resources, especially data storage and computing power, without direct active management by the user.
  • Concurrency: In computer science, concurrency is the ability of different parts or units of a program, algorithm, or problem to be executed out-of-order or in partial order, without affecting the final outcome.
  • Containerization: Containerization is a lightweight alternative to full machine virtualization that involves encapsulating an application in a container with its own operating system.
  • Continuous Deployment (CD): Continuous deployment (CD) is a software engineering approach in which software functionalities are delivered frequently through automated deployments.
  • Continuous Integration (CI): In software engineering, continuous integration (CI) implements continuous processes of applying quality control — small pieces of effort, applied frequently.
  • Cryptography: The practice and study of techniques for secure communication in the presence of adversarial behavior.
  • Cybersecurity: The practice of protecting systems, networks, and programs from digital attacks.
  • Data Structure: In computer science, a data structure is a data organization, management, and storage format that enables efficient access and modification.
  • Database Management System (DBMS): A database management system (DBMS) is system software for creating and managing databases.
  • Declarative Programming: Declarative programming is a programming paradigm that expresses the logic of a computation without describing its control flow.
  • Dependency: A dependency is a file, component, or software package that a program needs to work correctly.
  • DevOps: DevOps is a set of practices that combines software development (Dev) and IT operations (Ops). It aims to shorten the systems development life cycle and provide continuous delivery with high software quality.
  • Distributed Version Control Systems (DVCS): These systems do not necessarily rely on a central repository, and each participant has a complete version of the codebase on their local machine.
  • Docker: A set of platform-as-a-service products that use OS-level virtualization to deliver software in packages called containers.
  • Edge Computing: A distributed computing paradigm that brings computation and data storage closer to the location where it is needed, to improve response times and save bandwidth.
  • Event-Driven Architecture: A software architecture paradigm promoting the production, detection, consumption of, and reaction to events.
  • Fork: A copy of a repository that resides in your account. It allows you to freely experiment with changes without affecting the original project.
  • Free Software Foundation (FSF): A non-profit organization founded by Richard Stallman in 1985.
  • Free/Libre/Open-Source Software (FLOSS): Open-source and free software, where everyone has the freedom to use it.
  • Freeware: Software that is available free of charge but is not necessarily free to be used, copied, studied, modified, and redistributed.
  • Frontend: The front end is the part of a software application that the user interacts with directly. The back end, on the other hand, consists of the server and database.
  • Functional Programming: Functional programming is a programming paradigm where programs are constructed by applying and composing functions.
  • Gamification: The application of typical elements of game playing (e.g., point scoring, competition with others, rules of play) to other areas of activity.
  • Git: A distributed version control system commonly used in open source projects.
  • GitHub: A web-based hosting service for Git repositories.
  • GNU: A project initiated to develop a complete UNIX-style operating system made up of free software, the GNU system. It was launched in 1984.
  • GPL (General Public License): A widely used free software license that guarantees end users the freedom to run, study, share, and modify the software.
  • GraphQL: GraphQL is an open-source data query and manipulation language for APIs, and a runtime for executing those queries with your existing data.
  • Hypervisor: Software, firmware, or hardware that creates and runs virtual machines by separating a computer’s software from its hardware.
  • Imperative Programming: Imperative programming is a programming paradigm that uses statements that change a program’s state.
  • Integrated Development Environment (IDE): An IDE is a software application that provides comprehensive facilities to computer programmers for software development.
  • Internet of Things (IoT): The network of physical objects—devices, vehicles, buildings, and other items—embedded with electronics, software, sensors, and network connectivity that enables these objects to collect and exchange data.
  • Kanban: Kanban is a scheduling system for lean manufacturing and just-in-time manufacturing. It is an inventory-control system to control the supply chain.
  • Kubernetes: An open-source system for automating deployment, scaling, and management of containerized applications.
  • License: A legal document that specifies what users can and can’t do with a software.
  • Localisation: The process of adapting a product’s translation to a specific country or region.
  • Machine Learning: A field of computer science that uses statistical techniques to give computer systems the ability to “learn” from data.
  • Markdown: A lightweight markup language for creating formatted text using a plain-text editor.
  • Microkernel: A minimalistic kernel in operating system design that provides the mechanisms needed to implement additional services such as device drivers, protocol stacks, file systems, etc.
  • Microservices: Microservices – also known as the microservice architecture – is an architectural style that structures an application as a collection of services that are highly maintainable and testable, loosely coupled, independently deployable, organized around business capabilities, and owned by a small team.
  • Middleware: Middleware is software that lies between an operating system and the applications running on it. It’s a software layer that bridges the gap between separate applications, allowing them to communicate and share data.
  • Mixed Reality (MR): A blend of physical and digital worlds, unlocking natural and intuitive 3D human, computer, and environment interactions.
  • Model-View-Controller (MVC): Model–view–controller (usually known as MVC) is a software design pattern commonly used for developing user interfaces that divides the related program logic into three interconnected elements.
  • Monolithic Kernel: A kernel architecture where the entire operating system works in kernel space and is alone in supervisor mode.
  • Multithreading: Multithreading is the ability of a central processing unit (CPU) (or a single core in a multi-core processor) to provide multiple threads of execution concurrently, supported by the operating system.
  • Multiprocessing: Multiprocessing is the use of two or more central processing units (CPUs) within a single computer system.
  • Natural Language Processing (NLP): A branch of AI that helps computers understand, interpret, and manipulate human language.
  • NoSQL Database: A variety of database technologies designed to accommodate a wide array of data models, including key-value, document, columnar, and graph formats.
  • Open Source Initiative (OSI): An organization that promotes open-source software.
  • Open Source Software (OSS): Software that is released with a license allowing anyone to view, use, modify, and distribute the software’s source code.
  • ORM (Object-Relational Mapping): A programming technique for converting data between incompatible type systems using object-oriented programming languages.
  • Patch: A small piece of software designed to update or fix problems with a computer program or its supporting data.
  • Package Manager: A collection of software tools that automates the process of installing, upgrading, configuring, and removing software packages for a computer’s operating system in a consistent manner.
  • Procedural Programming: Procedural programming is a programming paradigm, derived from structured programming, based on the concept of the procedure call.
  • Proprietary Software: Software whose source code is not freely available. Its regulation and distribution require special permission from the supplier or proprietor.
  • Public Key Infrastructure (PKI): A set of roles, policies, hardware, software, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption.
  • Pull: Refers to fetching changes and merging them. For instance, if someone has edited the remote file you’re both working on, you’ll want to ‘pull’ those changes into your local copy so that it’s up to date.
  • Pull Request (PR): A method of submitting contributions to an open source project.
  • Push: Refers to sending your committed changes to a remote repository such as GitHub.com.
  • Quantum Computing: A type of computing that uses quantum-mechanical phenomena, such as superposition and entanglement, to perform operations on data.
  • Query Language: A query language is a kind of programming language designed to facilitate retrieving specific information from databases; SQL is one example.
  • Recursion: Recursion in computer science is a method where the solution to a problem depends on solutions to smaller instances of the same problem.
  • Relational Database Management System (RDBMS): A type of DBMS that uses a table-based structure to link data in different tables through common data attributes or columns.
  • Representational State Transfer (REST): Representational state transfer (REST) is a software architectural style that defines a set of constraints to be used for creating Web services.
  • Repository (Repo): A central file storage location where developers store and share their code.
  • Runtime: The period of time when a program is running. It begins when a program is opened (or executed) and ends when the program is quit or closed.
  • Scripting Language: A scripting language is a programming language that is used to manipulate, customize, and automate the facilities of an existing system.
  • Scrum: Scrum is an agile framework for developing, delivering, and sustaining complex products, with an initial emphasis on software development.
  • Serverless Computing: Serverless computing is a cloud-computing execution model in which the cloud provider runs the server, and dynamically manages the allocation of machine resources.
  • Software Development Life Cycle (SDLC): The software development life cycle (SDLC) is a framework defining tasks performed at each step in the software development process.
  • Software Framework: In computer programming, a software framework is an abstraction in which software providing generic functionality can be selectively changed by additional user-written code.
  • Software Library: A collection of non-volatile resources used by computer programs, often for software development.
  • SQL (Structured Query Language): A programming language used for managing and manipulating relational databases.
  • Staging: The step before the commit in Git. That is, a commit in Git is performed in two steps: staging and the actual commit.
  • Test-Driven Development (TDD): Test-driven development (TDD) is a software development process that relies on the repetition of a very short development cycle: requirements are turned into very specific test cases, then the code is improved so that the tests pass.
  • Version Control System (VCS): A system that tracks changes to a file or set of files over time so that specific versions can be recalled later.
  • Virtual Reality (VR): A simulated experience that can be similar to or completely different from the real world.
  • Virtualization: Virtualization refers to the act of creating a virtual (rather than actual) version of something, including virtual computer hardware platforms, storage devices, and computer network resources.
  • YAML (YAML Ain’t Markup Language): YAML is a human-readable data-serialization language. It is commonly used for configuration files and in applications where data is being stored or transmitted.
  • XML (eXtensible Markup Language): XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable.

Cyber Security Terms

  • Advanced Persistent Threat (APT): Sophisticated, stealthy, and prolonged cyberattack often used by nation-states to infiltrate and remain hidden in high-profile networks.
  • Advanced Threat Protection (ATP): Security solutions that defend against complex and sophisticated malware or hacking attacks targeting sensitive data.
  • Adware: Software that displays unwanted ads, sometimes including malware, often bundled with free programs.
  • Anti-Botnet: Tools that detect and prevent botnet activities, commonly using CAPTCHA for user verification.
  • Anti-Malware: Software designed to protect against viruses, spyware, adware, and other malicious programs.
  • Anti-Phishing: Measures to protect users from fraudulent websites and emails mimicking legitimate sources to steal information.
  • Anti-Virus: Software to protect against viruses, spyware, trojans, and worms, typically through scanning email and internet traffic.
  • Attack Vector: Methods and pathways an attacker exploits to breach a system, including technological vulnerabilities and human behavior.
  • Authentication: Process of verifying a user’s or system’s identity, typically using credentials like usernames and passwords.
  • Backdoor: Covert method to bypass normal authentication and gain unauthorized access to a system or network.
  • Banker Trojan: Malicious program designed to steal sensitive financial information and online banking credentials.
  • Blacklist/Blocklist/Denylist: Access control mechanism that prevents specified elements like emails or IPs from accessing a system.
  • Bot: Program that automates tasks, often used for malicious purposes like spamming or data harvesting.
  • Botnet: Network of infected computers controlled remotely for malicious activities like DDoS attacks or spam distribution.
  • Brute Force Attack: Method to guess a password or key by systematically trying every possible combination until the correct one is found.
  • Business Continuity Plan: Strategy for maintaining business operations during major disruptions like cyberattacks.
  • Business Disruption: Interruptions in normal business operations, often caused by cyberattacks, leading to potential losses.
  • BYOC (Bring Your Own Computer): Policy allowing employees to use their personal computers for work-related tasks.
  • BYOD (Bring Your Own Device): Organizational policy permitting personal device use for work purposes and accessing company data.
  • BYOL (Bring Your Own Laptop): Practice where employees use personal laptops for professional tasks, including accessing company systems.
  • CAPTCHA: Test to determine if a user is human, often using image recognition or simple arithmetic challenges.
  • Clickjacking: Technique that tricks users into clicking on a different object than they intend, often leading to unauthorized actions.
  • Clientless: Refers to network-based programs that run without needing installation on the user’s device.
  • Code Injection: Malware tactic of inserting malicious code into legitimate processes to evade detection.
  • COTS (Commercial Off-the-Shelf): Packaged solutions adapted for specific organizational needs, as opposed to custom-made solutions.
  • Critical Infrastructure: Fundamental systems vital to an organization’s survival, where threats could endanger the entire entity.
  • Cryptojacking: Unauthorized use of someone’s computer to mine cryptocurrency.
  • Cyberbullying: Use of electronic communication to bully or harass, often via social media or messaging platforms.
  • Cybersecurity: Processes and technologies designed to protect organizational information assets from theft or attack.
  • Dark Web: Encrypted part of the internet not indexed by search engines, used for anonymous communication and illegal activities.
  • Data Breach: Event where a hacker exploits a vulnerability to access a network or device’s files and data.
  • Data Integrity: Maintenance of data quality throughout its lifecycle, ensuring accuracy and consistency.
  • Data Loss Prevention (DLP): Security tools and procedures aimed at preventing unauthorized access to sensitive data.
  • Data Theft: Deliberate stealing of sensitive data by malicious entities.
  • DDoS (Distributed Denial of Service): Attack where multiple systems flood a target with traffic to disrupt service.
  • Decryption: Process of converting encrypted data back into its original form.
  • Detection and Response: Security solutions for identifying and mitigating malicious network activity.
  • Digital Forensics: Analysis and interpretation of electronic data for use as legal evidence.
  • Digital Transformation: Use of digital technologies to modify or create new business processes and customer experiences.
  • Domain Name System (DNS) Exfiltration: Attack on DNS servers to gain unauthorized access, leading to data loss.
  • Drive-By Download Attack: Malware distribution method where insecure websites are used to install malware on visitors’ devices.
  • Encryption: Process of converting data into a secret code to prevent unauthorized access.
  • Endpoint Protection: Network security management that monitors and protects endpoints like workstations and mobile devices.
  • Endpoint Detection and Response (EDR): Tools for protecting computer endpoints from threats, usually through continuous monitoring.
  • Exploit: Utilization of a system vulnerability to attack or penetrate it.
  • Fast Identity Online (FIDO): Set of standards for passwordless authentication using existing technologies.
  • Fileless Malware: Malicious attack that exists exclusively in volatile memory components like RAM, making it hard to detect.
  • Firewall: Security system creating a barrier to prevent unauthorized access to a network.
  • Greylist: List of items temporarily blocked or allowed until an additional action is performed.
  • Hacker: Individual who gains unauthorized access to networks or systems.
  • Honeypot: Security mechanism to attract and trap attackers by simulating weak network resources.
  • Identity and Access Management (IAM): Process of granting or denying access to secure systems, integrating workflow and security analysis.
  • Identity Theft: Illegal gathering of personal information to commit fraud or theft.
  • Indicators of Compromise (IOC): Forensic data indicating potential malicious activity on a system or network.
  • In-line Network Device: Device that receives and forwards packets to their destination, including routers and firewalls.
  • Insider Threat: Security risk from authorized users with access to sensitive information.
  • Intrusion Prevention System (IPS): Designed to prevent network penetration by malicious entities.
  • IoT (Internet of Things): Network of objects connected to the internet, transferring data without human interaction.
  • Keylogger: Spyware recording every keystroke on a computer, including messages and passwords.
  • Malvertising: Use of online ads to distribute malware.
  • Malware: Intrusive software with malicious intent against the user.
  • Man-in-the-Middle Attack: Attack where communications are secretly intercepted and possibly altered by an attacker.
  • MITRE ATT&CK™ Framework: Matrix of tactics and techniques for classifying attacks and assessing organizational risk.
  • Network-based Security: Cybersecurity services operating within a network, protecting all connected devices.
  • Parental Controls: Features in digital services to restrict content access for children.
  • Patch: Code added to an operating system or application to update or fix it.
  • Pen Testing (Penetration Testing): Practice of testing a computer system, network, or web application to find vulnerabilities.
  • Phishing: Internet fraud seeking to steal user credentials through deception.
  • PII (Personally Identifiable Information): Data that uniquely identifies an individual.
  • Process Hollowing: Security exploit replacing code in an executable file with malicious code.
  • Ransomware: Malware blocking access to a computer or encrypting data, demanding payment for restoration.
  • Remote Desktop Protocol (RDP): Protocol for remote connection to Windows computers, often exploited by attackers.
  • Risktool: Programs with various functions, including cryptocurrency mining, used in stealth mode by cybercriminals.
  • Rootkit: Software giving hackers remote access to, and control over, a computer or network.
  • Sandbox(ing): Isolated network environment for safely executing suspicious code.
  • Scareware: Malware using scare tactics to trick users into visiting harmful websites.
  • SECaaS (Security as a Service): Cloud computing service providing security applications and maintenance.
  • Secure Sockets Layer (SSL): Security technology for encrypted links between web servers and browsers.
  • Security Incident Response: Planned management of the aftermath of a cyber attack or breach.
  • Security Operations Center (SOC): Facility for monitoring, assessing, and defending enterprise information systems.
  • Security Perimeter: Defined digital boundary within which a specific security policy is applied.
  • SIEM (Security Information and Event Management): Continuous monitoring and evaluation of an organization’s security.
  • SIM Swapping: Scam intercepting SMS verification codes for online banking.
  • Sniffing: Capture of data transmitted over a network, often used maliciously to intercept unencrypted data.
  • SOAR (Security Orchestration, Automation and Response): Software stack for automated collection and response to security threats.
  • Social Engineering: Method of manipulating users to gain unauthorized access to resources.
  • Spam: Unsolicited emails, typically unwanted advertising.
  • Spear Phishing: Targeted phishing scam aiming to defraud a specific individual or organization.
  • Spoofing: Disguising communication from an unknown source as being from a known, trusted source.
  • Spyware: Software secretly installed to gather sensitive data and transmit it to external entities.
  • Threat Assessment: Process of identifying and evaluating risks or threats to an organization.
  • Threat Hunting: Active search for advanced threats that evade existing security solutions.
  • Threat Intelligence: Proactively obtained intelligence to understand threats targeting an organization.
  • Two-factor Authentication (2FA): Combines a static password with an external authentication device or attribute.
  • Two-step Authentication: Requires a username and password plus an additional verification step.
  • Virus: A malicious program often transmitted via email or downloads, designed to infect devices and perform harmful actions like hijacking browsers, sending spam, and stealing personal information.
  • VPN (Virtual Private Network): A technology that extends a private network across a public one, allowing secure and private data exchange as if devices were directly connected to the private network.
  • Vulnerability: A weakness in software that can be exploited by hackers to compromise computer systems.
  • WAF (Web Application Firewall): A firewall for HTTP traffic, protecting web services from attacks by filtering, monitoring, and blocking malicious traffic.
  • White Hat – Black Hat: Terms describing ethical hackers (‘White Hats’) who protect against cyber threats, and criminal hackers (‘Black Hats’) who exploit vulnerabilities for illegal purposes.
  • Whitelist/Allowlist/Passlist: A control mechanism that permits only specified elements (like IP addresses or applications) to access a system, while blocking all others.
  • Worm: A self-replicating program that spreads across computers and networks, often causing damage by overloading systems.
  • Zero-Day Exploit: An attack that exploits a previously unknown vulnerability in software before the developer is aware and can issue a patch.
  • Zero-Touch Provisioning (ZTP): An automated process for configuring devices without manual intervention, reducing errors and setup time, and often eliminating the need for IT involvement.

Virtual Machine Glossary

  • Virtual Machine (VM): A software emulation of a physical computer, including its hardware and operating system.
  • Hypervisor: A software layer that enables multiple operating systems to share a single hardware host.
  • Host Machine: The physical computer on which the virtualization software runs and hosts VMs.
  • Guest Machine: A VM running on a host machine, also known as a guest operating system.
  • Virtual CPU (vCPU): A virtual processor unit provided to a VM, which represents a portion of the actual physical CPU’s capability.
  • Virtual Memory: A portion of memory allocated to a VM from the host machine’s physical memory.
  • Virtual Disk: A file or set of files that appears as a physical disk drive to a VM, but is actually stored on physical storage of the host machine.
  • Snapshot: A saved state of a VM at a specific point in time, allowing users to revert back to that state if needed.
  • Cloning: The process of creating an exact copy of a virtual machine, including its operating system, installed software, and files.
  • Live Migration: The process of moving a VM from one host to another while it is still running, with minimal downtime.
  • Virtual Network: A software-based network that exists within the host machine, allowing VMs to communicate with each other and with external networks.
  • Virtualization: The process of creating a virtual version of something, such as a server, storage device, network, or even an operating system.
  • Paravirtualization: A virtualization technique where the guest operating system is modified to work in harmony with the hypervisor for better performance.
  • Full Virtualization: A virtualization technique where the entire hardware is simulated, allowing an unmodified guest OS to be run.
  • Containerization: A lightweight alternative to full virtualization that involves encapsulating an application in a container with its own operating environment.
  • VMDK (Virtual Machine Disk): A file format that specifies a container for virtual hard disk drives to be used in VMware virtual machines.
  • VHD (Virtual Hard Disk): A file format representing a virtual hard disk drive, used by Microsoft’s virtualization solutions.
  • VDI (Virtual Desktop Infrastructure): A virtualization technology that hosts a desktop operating system on a centralized server in a data center.