Glossary

The glossary is a constant work-in-progress. If you have words you’d like to have defined, let me know. Or if you have definitions that are missing, let me know that too.

CAPEC -  CAPEC stands for Common Attack Pattern Enumeration and Classification and is a dictionary of known attack patterns used by hackers / bad actors / adversaries to exploit security vulnerabilities. See https://capec.mitre.org/
cloud computing -  From NIST: "cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction."
- Synonyms: Subversion
code review -  Code review is a process where programmers look at each other's code and evaluate its fitness for the intended purpose. It can find mistakes in design and implementation beyond simple syntax problems and improve quality.
- Synonyms: peer code review, peer review
Controller Area Network -  Controller Area Network, aka CAN, aka CAN bus, is a wiring standard for vehicles that enables communication between various components and devices without having a host computer. Examples include doors, brakes, and transmission.
- Synonyms: CAN bus, CAN
CPU -  The CPU, or Central Processing Unit, is the key brain of the computer; it's the part where most computation is actually done.
- Synonyms: central processing unit, processor, microprocessor
cryptojacking -  Using someone else's computer to mine cryptocurrency. Cryptocurrency relies on complex equations that are computationally intensive for the CPU, but solving these equations gives you currency. Cryptojack payloads often come through malicious web pages.
- Synonyms: cryptojack
CVE -  CVE stands for "Common Vulnerabilities and Exposures" and is a way to define a particular security vulnerability in an application, system, device, etc. Each security problem gets a unique CVE identifier and is also listed in the NVD registry. Additionally, a CVE can sometimes be linked to the underlying issues in the application code itself, in which case it is associated with particular CWE IDs. See https://cve.mitre.org
CWE -  CWE stands for "Common Weakness Enumeration" and is a way to define a particular security issue in programming code. CWE is a security effort led by the US government and industry to define a taxonomy for coding problems that lead to security vulnerabilities. Each vulnerability reported has a CVE ID and should be linked to the underlying CWEs that lead to the issue. There are currently approximately 800 items defined in CWE and efforts are underway to map their technical impacts to what kinds of problems the weakness may cause, as well as ISO 27010. CWE is often known for its CWE Top 25 and On the Cusp lists of the most common software security problems. See https://cwe.mitre.org