NVD - Code Curmudgeon

US National Vulnerability Database is a repository of known security issues in software, devices, systems, etc. Each issue can be linked to a CVE. Data is stored in a common format called SCAP to enable easy automation in order to update notification of needed patches and other remediation. See https://nvd.nist.gov/

Definitioner

SCAP

SCAP stands for security content automation protocol. It's an open protocol used by NVD to enable easy automation of security vulnerability notification, research, tooling, etc. See https://csrc.nist.gov/projects/security-content-automation-protocol/

CVE

CVE stands for "Common vulnerabilities and exposures" and is a way to define a particular security vulnerability in application, system, device, etc. Each security problem gets a unique CVE identifier and is listed as well in the NVD registry. Additionaly, sometimes further efforts can be linked to the underlying issues in application code itself, and will associate the CVE with particular CWE IDs. See https://cve.mitre.org

vulnerability

This is a tricky word, especially in application security or cybersecurity. The simple definition in a software context is that the code has some problem that could be exploited by someone at some point. Some think of it as a piece of code with a proven exploit, IE a static analysis violation with a stack trace and values used. This is a very narrow definition that probably doesn't help improve the state of the art. I prefer the idea that it's code that is exploitable based on the body of knowledge (as encapsulated in software coding standards).

CAN (Controller Area Network)

Controller Area Network aka CAN aka CAN Bus is a wiring standard for vehicles that enables communication between various components and devices without having a host computer. For example doors, brakes, transmission.