Security Glossary

The potential for losses or legal penalties due to violations of laws, regulations, or prescribed practices.

A lightweight, standalone executable package of software that includes everything needed to run it, ensuring consistency across environments.

AppSOC�s proprietary technology for prioritizing security issues based on severity, exploitability, and business context.

A practice that automates the integration and deployment of code changes, enabling frequent and reliable updates to applications.

A proactive and continuous program to monitor, evaluate, and reduce levels of exploitability and validate analysis and remediation processes.

The aspect of information technology that deals with the ability of an organization or individual to determine what data can be shared with third parties.

The process of determining and fetching the correct versions of dependencies for a software project.

A methodology that combines software development (Dev) and IT operations (Ops) to shorten the development lifecycle, deliver high-quality software continuously, and improve collaboration between development and operations teams.

An approach that integrates security practices into the DevOps process, ensuring that security is incorporated at every stage of the software development lifecycle to enhance the overall security posture of applications.

A testing method that analyzes applications in their running state to identify vulnerabilities by simulating external attacks.

A system that monitors and analyzes endpoint activities to detect, investigate, and respond to security incidents in real-time.

A process developed by First.org for estimating the likelihood that a software vulnerability will be exploited in the wild.

A failure to detect an actual vulnerability or threat, leading to a potential security risk remaining unaddressed.

A security alert that incorrectly indicates the presence of a vulnerability or threat when none exists.

European Union regulation that mandates strict data privacy and security measures for protecting personal data, giving individuals greater control over their personal information.

Artificial intelligence systems that create new content, such as text, images, or music, by learning patterns from existing data, exemplified by models like OpenAI's GPT-4.

U.S. law that sets national standards for the protection of sensitive patient health information, ensuring that such information is kept confidential and secure, particularly in electronic form.

The process used to manage the lifecycle of incidents to ensure that normal service operation is restored as quickly as possible.

The process of identifying, managing, and mitigating security incidents to minimize their impact on the organization.