Security Glossary

The practice of ensuring that applications and systems are configured securely, following best practices and organizational policies.

A system that collects, analyzes, and reports on security-related data from various sources to provide a comprehensive view of an organization's security posture.

The level of development and capability an organization has in implementing, managing, and continuously improving its security practices and controls to protect against threats and vulnerabilities.

A set of tools and processes designed to automate and streamline security operations, including incident response and threat management.

A set of rules and practices that govern how an organization protects its information and IT assets.

A weakness in a system, application, or network that can be exploited by attackers to gain unauthorized access, cause disruptions, or steal sensitive information.

Shadow AI refers to the use of artificial intelligence systems and tools within an organization without explicit approval or oversight by its central IT or AI department.

The practice of performing testing earlier in the software development lifecycle to identify and fix issues promptly.

A comprehensive list of components, libraries, and dependencies used in software development.

A process that identifies and manages open source and third-party components within an application, ensuring they are secure and compliant with licensing requirements.

External code libraries or modules that a software project relies on to function properly.

Process of protecting the entire lifecycle of software, from development through deployment and maintenance, to prevent vulnerabilities and ensure the integrity, authenticity, and security of software components.

Potential security weaknesses within the processes and components involved in developing, managing, and distributing software, which can be exploited by malicious actors.

A testing method that analyzes source code, bytecode, or binary code for security vulnerabilities without executing the program.

The process of identifying, categorizing, and evaluating potential threats to an application to develop strategies for mitigating those threats.

A proactive approach to identifying, assessing, and mitigating security threats and vulnerabilities within an organization's IT environment.

An comprehensive approach to cybersecurity, bringing together all the information about possible security gaps in an organization's network, software and systems.

Systematically identifying, evaluating, and prioritizing security weaknesses in an organization's IT infrastructure, including networks, applications, and systems, to mitigate potential risks.

The process of identifying weaknesses and security flaws in an organization's systems, applications, and networks.

The practice of identifying, evaluating, remediating, and reporting on security vulnerabilities in applications and systems.

Identifying security weaknesses in an organization's IT systems, applications, and networks through automated tools and techniques to prevent potential exploits.

Systematically examining computer systems, networks, and applications for security weaknesses that could be exploited by attackers.