Glossary
Comprehensive glossary of migration, cloud, and software engineering terms. Learn key concepts and terminology for successful technology migrations.
Migration
The process of moving data, applications, or infrastructure from one environment to another
Lift and Shift
Moving an application to a new environment with minimal or no changes to its architecture
Replatforming
Making targeted modifications to an application to take advantage of cloud capabilities without changing core architecture
Refactoring
Restructuring existing code without changing its external behavior to improve quality and maintainability
Technical Debt
The implied cost of additional rework caused by choosing an easy solution now instead of a better approach
Strangler Fig
A migration pattern where new functionality wraps and gradually replaces the legacy system
Microservices
An architectural style structuring an application as a collection of loosely coupled, independently deployable services
Containerization
Packaging software code with its dependencies so it can run uniformly across computing environments
CI/CD
Continuous Integration and Continuous Deployment - practices for automating code integration and delivery
Infrastructure as Code
Managing and provisioning infrastructure through machine-readable configuration files
API Gateway
A server that acts as a single entry point for API calls, handling routing, composition, and cross-cutting concerns
Service Mesh
A dedicated infrastructure layer for handling service-to-service communication in microservices
Schema Migration
The process of changing a database schema from one version to another
ETL
Extract, Transform, Load - a process for moving and transforming data between systems
Feature Flag
A technique allowing features to be enabled or disabled without deploying new code
Rollback
Reverting a system to a previous version after a failed deployment or migration
Cutover
The point in migration when traffic or operations switch from the old system to the new
Backward Compatibility
The ability of new versions to work with data or interfaces from older versions
Polyglot Persistence
Using different data storage technologies for different data storage needs within an application
Bounded Context
A central pattern in Domain-Driven Design that defines clear boundaries within which a model is defined
Cloud-Native
An approach to building and running applications that fully exploits the advantages of the cloud computing delivery model
Modernization
The process of updating legacy systems, applications, or infrastructure to leverage current technologies and best practices
API Versioning
The practice of managing changes to an API over time while maintaining backward compatibility for existing consumers
Automation
The use of technology to perform tasks with minimal human intervention, often applied to testing, deployment, and infrastructure management
Canary Deployment
A deployment strategy that rolls out changes to a small subset of users before deploying to the entire infrastructure
Cloud Migration
The process of moving data, applications, and workloads from on-premises infrastructure to cloud-based services
CloudFormation
AWS service that provides infrastructure as code capabilities for provisioning and managing AWS resources using templates
Code Cleanup
The process of improving code quality by removing dead code, fixing style issues, and improving readability without changing functionality
Code Quality
A measure of how well-written, maintainable, and reliable source code is based on factors like readability, complexity, and test coverage
Compatibility
The ability of systems, software, or data formats to work together without modification or special adaptation
Containers
Lightweight, portable units of software that package code and dependencies together to run consistently across different computing environments
Dark Launching
A deployment technique where new features are released to production but hidden from users, allowing testing in real conditions
Data Integration
The process of combining data from different sources to provide a unified view and enable consistent data access across systems
Data Pipeline
A series of data processing steps that move and transform data from source systems to destination systems
Database Migration
The process of moving data between databases, including schema changes, data transformation, and platform transitions
Database Per Service
A microservices pattern where each service owns and manages its own database, ensuring loose coupling between services
Domain-Driven Design
A software design approach that focuses on modeling software based on the business domain and its logic
Deployment
The process of releasing and installing software applications to a target environment where they can be accessed by users
Deprecation
The process of marking features, APIs, or components as outdated and planned for removal in future versions
Digital Transformation
The integration of digital technology into all areas of a business, fundamentally changing how it operates and delivers value
Disaster Recovery
A set of policies, tools, and procedures to enable the recovery of vital technology infrastructure after a natural or human-induced disaster
Distributed Systems
Computing systems where components located on networked computers communicate and coordinate their actions by passing messages
Docker
A platform for developing, shipping, and running applications in containers, providing consistent environments across development and production
Domain Model
A conceptual model of a business domain that incorporates both behavior and data, representing the key entities and their relationships
ELT
Extract, Load, Transform - a data integration approach where data is first loaded into the target system before transformation occurs
Envoy
A high-performance open-source edge and service proxy designed for cloud-native applications, commonly used in service mesh architectures
Facade Pattern
A structural design pattern that provides a simplified interface to a complex subsystem, hiding its complexity from clients
Feature Toggle
A technique that allows teams to modify system behavior without changing code, enabling features to be turned on or off dynamically
Flyway
An open-source database migration tool that uses SQL scripts to version control and apply database schema changes
Go-Live
The moment when a system, application, or migration goes into production use, marking the transition from development to operational status
Incremental Migration
A migration approach that moves systems or data in small, manageable pieces rather than all at once
Istio
An open-source service mesh platform that provides traffic management, security, and observability for microservices architectures
Kubernetes
An open-source container orchestration platform for automating deployment, scaling, and management of containerized applications
Legacy Modernization
The process of updating or replacing outdated legacy systems with modern technologies to improve performance and maintainability
Lift, Tinker, and Shift
A migration approach that combines lift-and-shift with minor modifications to optimize applications for the target environment
Liquibase
An open-source database schema change management tool that tracks, versions, and deploys database changes
Load Balancer
A device or software that distributes network traffic across multiple servers to ensure reliability and optimal resource utilization
Maintenance
Ongoing activities to keep software systems operational, including bug fixes, updates, and performance improvements
Multi-Model Database
A database management system that supports multiple data models (relational, document, graph) within a single integrated backend
NoSQL
A category of database systems that store and retrieve data using mechanisms different from traditional relational databases
OCI
Open Container Initiative - an open governance structure for creating industry standards around container formats and runtimes
Optimization
The process of improving system performance, efficiency, or resource utilization through code changes, configuration, or architecture modifications
Pipeline
An automated sequence of processes that move code from development through testing and into production deployment
Pulumi
An infrastructure as code platform that allows defining cloud infrastructure using general-purpose programming languages
Rehosting
A migration strategy that moves applications to a new infrastructure with minimal or no changes, also known as lift-and-shift
Restore
The process of recovering data, systems, or applications from backups after data loss, corruption, or disaster
Reverse Proxy
A server that sits in front of backend servers and forwards client requests to them, providing load balancing, caching, and security
Sidecar Pattern
A design pattern where a helper container runs alongside the main application container to provide supporting features like logging or networking
SOA
Service-Oriented Architecture - an architectural style where applications are composed of loosely coupled, interoperable services
Switchover
The process of transferring operations from one system to another, typically during migration or disaster recovery scenarios
Terraform
An open-source infrastructure as code tool that enables defining and provisioning infrastructure across multiple cloud providers
Transition
The process of moving from one state, system, or approach to another, often describing the period during a migration
Undo
The capability to reverse changes or operations, returning a system to a previous state
Adapter Pattern
A structural design pattern that allows incompatible interfaces to work together by wrapping an object in an adapter
Anti-Corruption Layer
A pattern that isolates a system from external systems by translating between their models, preventing corruption of internal domain models
API
Application Programming Interface - a set of definitions and protocols that allows software components to communicate with each other
Backup
A copy of data or system configurations stored separately to enable recovery in case of data loss, corruption, or disaster
Blue-Green Deployment
A release strategy that maintains two identical production environments, allowing instant switching between versions with zero downtime
Breaking Change
A modification to software that causes existing functionality or integrations to stop working as expected
Business Continuity
Planning and preparation to ensure that critical business functions can continue during and after a disaster or disruption
Data Migration
The process of transferring data between storage types, formats, or systems while ensuring data integrity and minimal downtime
Data Ownership
The principle of assigning responsibility for data quality, access control, and lifecycle management to specific teams or services
DevOps
A set of practices combining software development and IT operations to shorten development cycles and deliver high-quality software continuously
Document Database
A type of NoSQL database that stores data as semi-structured documents, typically in JSON or BSON format
Entity
An object defined primarily by its identity rather than its attributes, maintaining continuity through state changes over time
Event-Driven Architecture
A software architecture pattern where the flow of the program is determined by events such as user actions or messages from other systems
High Availability
A system design approach that ensures a specified level of operational performance, typically measured as uptime percentage
Interoperability
The ability of different systems, devices, or applications to connect and exchange information effectively
Parallel Run
A migration strategy where old and new systems operate simultaneously to validate the new system before full cutover
Patching
The process of applying updates to software to fix bugs, address security vulnerabilities, or add minor improvements
Performance
The measure of how efficiently a system executes tasks, typically evaluated through metrics like response time, throughput, and resource usage
Phased Migration
A migration approach that divides the transition into distinct phases, each with specific goals and deliverables
Scaling
The ability to increase or decrease system capacity to handle varying workloads, either vertically or horizontally
Support
Ongoing assistance provided to users and systems to ensure proper operation, troubleshoot issues, and maintain service levels
Version Control
A system for tracking and managing changes to files and code over time, enabling collaboration and history tracking
Branching
Creating parallel lines of development in version control to work on features or fixes independently
Data Governance
A framework for managing data availability, usability, integrity, and security within an organization
Data Protection
Practices and technologies to safeguard data from unauthorized access, corruption, or loss
Documentation
Written materials that describe how software works, including guides, references, and specifications
Git
A distributed version control system for tracking changes in source code during software development
Helpdesk
A resource for users to get technical support, troubleshoot issues, and receive assistance with software or systems
Integration
The process of combining different systems, components, or software applications to work together as a unified system
Messaging
A communication pattern where systems exchange data through messages, often asynchronously
MongoDB
A popular open-source document-oriented NoSQL database designed for scalability and flexibility
Monitoring
The practice of observing and tracking system performance, health, and behavior in real-time
Planning
The process of defining goals, strategies, and steps to achieve successful project outcomes
Redundancy
Duplication of critical system components to ensure availability and reliability in case of failure
REST
Representational State Transfer - an architectural style for designing networked applications using HTTP methods
Security
Measures and practices to protect systems, networks, and data from unauthorized access and threats
Standards
Established norms, specifications, or requirements that ensure consistency and interoperability
Testing
The process of evaluating software to identify defects, verify functionality, and ensure quality
Updates
Changes or improvements applied to software to fix issues, add features, or enhance security
Value Object
An object that is defined by its attributes rather than its identity, with no distinct lifecycle
Elasticity
Elasticity is the ability of a cloud system to automatically add or remove computing resources in response to changing demand, so capacity tracks load in near real time.
Availability Zone
An availability zone is one or more discrete data centers within a cloud region, with independent power, cooling, and networking, designed to be isolated from failures in other zones.
Region
A region is a geographic area where a cloud provider operates a cluster of data centers, organized into availability zones, in which customers deploy and store resources.
Multi-Tenancy
Multi-tenancy is a software architecture in which a single deployment serves multiple customers, called tenants, while keeping each tenant's data and configuration logically isolated.
Serverless
Serverless is a cloud execution model in which the provider fully manages servers and scaling, running code in response to events and billing only for actual usage.
Function as a Service (FaaS)
Function as a service is a serverless model in which developers deploy individual functions that the cloud provider runs and scales automatically in response to events.
Infrastructure as a Service (IaaS)
Infrastructure as a service is a cloud model that provides on-demand access to fundamental computing resources such as virtual machines, storage, and networking, which customers manage themselves.
Platform as a Service (PaaS)
Platform as a service is a cloud model that provides a managed application platform, handling servers, runtimes, and scaling so developers focus on code rather than infrastructure.
Autoscaling
Autoscaling is the automatic adjustment of the number of running compute instances or resources based on demand, metrics, or schedules, without manual intervention.
Spot Instance
A spot instance is spare cloud compute capacity offered at a deep discount that the provider can reclaim with little notice, suited to fault-tolerant and interruptible workloads.
Reserved Instance
A reserved instance is a cloud pricing model in which a customer commits to using compute capacity for a one- or three-year term in exchange for a significant discount over on-demand rates.
Edge Computing
Edge computing is a model that runs processing and storage close to where data is generated or consumed, rather than in a centralized cloud region, to reduce latency and bandwidth use.
Content Delivery Network (CDN)
A content delivery network is a geographically distributed set of servers that cache and serve content from locations near users, reducing latency and offloading origin servers.
Virtual Private Cloud (VPC)
A virtual private cloud is a logically isolated section of a public cloud where a customer can define their own private network, including subnets, IP ranges, routing, and firewall rules.
Object Storage
Object storage is a data storage architecture that manages data as discrete objects with metadata and a unique identifier in a flat namespace, accessed over HTTP APIs and scaling to massive volumes.
Block Storage
Block storage is a storage architecture that splits data into fixed-size blocks presented to a server as a raw volume, on which a file system or database can be placed for low-latency, high-performance access.
Shared Responsibility Model
The shared responsibility model is a cloud security framework that divides security duties between the provider, who secures the cloud infrastructure, and the customer, who secures what they run in the cloud.
Egress
Egress is the movement of data out of a network, system, or cloud provider, often metered and billed; in cloud computing it commonly refers to data transfer leaving a provider's network to the internet or another region.
Cold Start
A cold start is the added latency incurred when a serverless function or container must initialize a fresh execution environment before handling a request, rather than reusing a warm, already-running one.
Container
A container is a lightweight, isolated unit that packages an application together with its dependencies and runs as an isolated process on a shared host operating system kernel.
Container Image
A container image is an immutable, read-only template containing an application and its dependencies, packaged as ordered filesystem layers from which running containers are created.
Container Registry
A container registry is a service that stores, versions, and distributes container images, allowing clients to push built images and pull them for deployment.
Pod
A pod is the smallest deployable unit in Kubernetes, consisting of one or more tightly coupled containers that share a network namespace, storage volumes, and lifecycle.
Deployment (Kubernetes)
A Kubernetes Deployment is a controller that declaratively manages a set of identical pods, handling rollouts, rollbacks, and scaling by maintaining the desired number of replicas.
ReplicaSet
A ReplicaSet is a Kubernetes controller that ensures a specified number of identical pod replicas are running at all times, recreating pods that fail or are deleted.
StatefulSet
A StatefulSet is a Kubernetes controller for stateful applications that provides pods with stable, unique identities, ordered deployment and scaling, and persistent per-pod storage.
DaemonSet
A DaemonSet is a Kubernetes controller that ensures a copy of a specified pod runs on every (or a selected subset of) node in the cluster, commonly used for node-level agents.
Namespace (Kubernetes)
A Kubernetes namespace is a virtual partition within a cluster that scopes resource names and enables isolation, access control, and resource quotas across teams or environments.
Ingress
Ingress is a Kubernetes resource that defines rules for routing external HTTP and HTTPS traffic to internal services, typically based on hostnames and URL paths.
Service (Kubernetes)
A Kubernetes Service is an abstraction that exposes a logical set of pods as a single stable network endpoint, providing service discovery and load balancing across them.
ConfigMap
A ConfigMap is a Kubernetes object that stores non-confidential configuration data as key-value pairs, decoupling configuration from container images so applications can be configured per environment.
Secret (Kubernetes)
A Kubernetes Secret is an object for storing and distributing small amounts of sensitive data, such as passwords, tokens, and keys, to pods with tighter handling than ordinary configuration.
Helm Chart
A Helm chart is a packaged, templated, and versioned collection of Kubernetes manifests that Helm uses to install, upgrade, and manage an application as a single releasable unit.
Operator Pattern
The Operator pattern is a Kubernetes approach that encodes operational knowledge for a specific application into custom controllers and custom resources, automating tasks like deployment, upgrades, backup, and failover.
Control Plane (Kubernetes)
The control plane is the set of Kubernetes components that manage the cluster's overall state, making global decisions such as scheduling and responding to events to drive the cluster toward its desired state.
Kubelet
The kubelet is the primary node agent in Kubernetes that runs on every worker node, ensuring the containers described in the pods assigned to that node are running and healthy.
Horizontal Pod Autoscaler
The Horizontal Pod Autoscaler is a Kubernetes controller that automatically adjusts the number of pod replicas in a workload based on observed metrics such as CPU utilization or custom metrics.
Persistent Volume
A persistent volume is a Kubernetes resource representing a piece of durable storage in the cluster whose lifecycle is independent of any individual pod, allowing data to survive pod restarts and rescheduling.
ACID
ACID is a set of four properties — Atomicity, Consistency, Isolation, and Durability — that guarantee database transactions are processed reliably even in the presence of errors, crashes, or concurrent access.
BASE
BASE (Basically Available, Soft state, Eventual consistency) is a consistency model for distributed systems that favors availability and partition tolerance over the strict guarantees of ACID, allowing data to converge over time.
CAP Theorem
The CAP theorem states that a distributed data store can simultaneously provide at most two of three guarantees — Consistency, Availability, and Partition tolerance — forcing a trade-off when a network partition occurs.
Eventual Consistency
Eventual consistency is a guarantee that, in the absence of new updates, all replicas of a piece of data will converge to the same value over time, though reads may temporarily return stale results.
Sharding
Sharding is a database scaling technique that horizontally splits a dataset across multiple servers (shards), each holding a distinct subset of rows, so that load and storage are distributed.
Partitioning
Partitioning is the practice of dividing a large table or dataset into smaller, more manageable pieces called partitions, which can be queried and maintained independently while appearing as a single logical entity.
Replication
Replication is the process of copying and maintaining database data across multiple servers so that the same data is available on more than one node, improving availability, fault tolerance, and read scalability.
Database Index
A database index is an auxiliary data structure that improves the speed of data retrieval on a table at the cost of extra storage and slower writes, by letting the engine locate rows without scanning the entire table.
Normalization
Normalization is the process of organizing relational database tables to reduce data redundancy and improve integrity by decomposing them according to normal forms and linking related data with keys.
Denormalization
Denormalization is the deliberate introduction of redundancy into a database schema — by duplicating or precomputing data — to improve read performance, accepting reduced write efficiency and integrity guarantees.
OLTP
OLTP (Online Transaction Processing) refers to database systems optimized for large numbers of short, concurrent transactions — inserts, updates, and lookups — that support day-to-day operational applications.
OLAP
OLAP (Online Analytical Processing) refers to systems optimized for complex analytical queries over large volumes of historical data, enabling aggregation, slicing, and multidimensional analysis for reporting and decision-making.
Data Warehouse
A data warehouse is a centralized analytical database that stores integrated, structured data from multiple sources, optimized for querying and reporting rather than transactional processing.
Data Lake
A data lake is a centralized repository that stores large volumes of raw data in its native format — structured, semi-structured, and unstructured — at low cost, with schema applied at read time rather than on ingestion.
Data Lakehouse
A data lakehouse is an architecture that combines the low-cost, flexible storage of a data lake with the management, transactions, and performance of a data warehouse, using open table formats over object storage.
Change Data Capture (CDC)
Change Data Capture (CDC) is a technique for identifying and capturing changes made to data in a source database — inserts, updates, and deletes — and streaming them to downstream systems in near real time.
Materialized View
A materialized view is a database object that stores the precomputed result of a query physically on disk, so reads return instantly without re-executing the underlying query, at the cost of keeping the result refreshed.
Primary Key
A primary key is a column or set of columns that uniquely identifies each row in a relational database table, enforcing uniqueness and non-null values and serving as the row's canonical identifier.
Foreign Key
A foreign key is a column or set of columns in one relational table that references the primary key of another table, enforcing referential integrity by ensuring referenced rows exist.
Large Language Model (LLM)
A large language model is a neural network trained on vast text corpora to predict the next token, enabling it to generate and understand natural language across many tasks.
Token
A token is the basic unit of text an LLM processes, typically a word fragment, whole word, or character, produced by a tokenizer and mapped to a numeric ID.
Tokenization
Tokenization is the process of splitting raw text into tokens that a model can map to numeric IDs, usually using a subword algorithm such as byte-pair encoding.
Context Window
The context window is the maximum number of tokens a language model can consider at once, covering both the input prompt and the generated output.
Embedding
An embedding is a dense numeric vector that represents the meaning of text, an image, or other data so that similar items sit close together in vector space.
Vector Search
Vector search finds items whose embeddings are closest to a query embedding, enabling semantic retrieval by meaning rather than exact keyword match.
Retrieval-Augmented Generation (RAG)
Retrieval-augmented generation is a technique that retrieves relevant documents at query time and supplies them to an LLM as context so its answers are grounded in external data.
Fine-Tuning
Fine-tuning is the process of further training a pretrained model on a smaller, task-specific dataset to specialize its behavior, style, or domain knowledge.
Prompt Engineering
Prompt engineering is the practice of designing and refining the text instructions given to a language model to steer its output toward accurate, useful results.
Inference
Inference is the process of running a trained model on new inputs to produce outputs, as opposed to the training phase that creates the model.
Training
Training is the process of adjusting a model's parameters from data so it learns to perform a task, typically by minimizing a loss function with gradient descent.
Transformer
A transformer is a neural network architecture built around self-attention that processes sequences in parallel, forming the basis of modern large language models.
Attention Mechanism
An attention mechanism lets a model weigh the relevance of different parts of its input when producing each output, focusing on the most pertinent tokens.
Hallucination
Hallucination is when a language model generates fluent, confident output that is factually incorrect, fabricated, or unsupported by its sources.
Temperature (LLM Sampling)
Temperature is a sampling parameter that scales an LLM's output probabilities, controlling how random or deterministic its token choices are.
Top-p Sampling (Nucleus Sampling)
Top-p sampling restricts an LLM's next-token choice to the smallest set of tokens whose cumulative probability exceeds a threshold p, then samples from that set.
Quantization
Quantization reduces the numeric precision of a model's weights and activations, shrinking memory use and speeding inference with limited accuracy loss.
AI Agent
An AI agent is a system that uses a language model to plan and take actions toward a goal, calling tools, observing results, and iterating with limited human input.
Model Context Protocol (MCP)
The Model Context Protocol is an open standard that defines how AI applications connect to external tools, data sources, and prompts through a uniform interface.
Foundation Model
A foundation model is a large model pretrained on broad data at scale that can be adapted, through fine-tuning or prompting, to a wide range of downstream tasks.
Zero Trust
Zero trust is a security model that assumes no user, device, or network is inherently trustworthy and requires continuous verification of every access request, regardless of its origin.
Principle of Least Privilege
The principle of least privilege is a security practice that grants each user, process, or system only the minimum access rights needed to perform its task, and no more.
Defense in Depth
Defense in depth is a security strategy that layers multiple, independent controls so that if one defense fails, others continue to protect the system.
Encryption at Rest
Encryption at rest is the protection of stored data by encrypting it on disk or in a database, so that the data is unreadable without the correct decryption keys.
Encryption in Transit
Encryption in transit protects data as it travels across a network by encrypting the communication channel, preventing eavesdropping and tampering.
Asymmetric Encryption
Asymmetric encryption is a cryptographic method that uses a mathematically linked pair of keys, a public key and a private key, where data encrypted with one key can only be decrypted with the other.
Public Key Infrastructure (PKI)
Public key infrastructure is the system of certificate authorities, digital certificates, and policies used to issue, manage, and validate public keys, binding them to verified identities.
OAuth 2.0
OAuth 2.0 is an authorization framework that lets an application obtain limited access to a user's resources on another service without exposing the user's credentials, by using access tokens.
OpenID Connect (OIDC)
OpenID Connect is an authentication layer built on top of OAuth 2.0 that lets applications verify a user's identity and obtain basic profile information using an ID token.
JSON Web Token (JWT)
A JSON Web Token is a compact, URL-safe, digitally signed token that encodes claims as JSON, commonly used to transmit identity and authorization data between parties.
Multi-Factor Authentication (MFA)
Multi-factor authentication is a security method that requires two or more independent forms of verification, drawn from different categories, before granting access.
Single Sign-On (SSO)
Single sign-on is an authentication scheme that lets a user log in once and gain access to multiple independent applications without re-entering credentials for each.
Role-Based Access Control (RBAC)
Role-based access control is an access model that assigns permissions to roles rather than individuals, and grants users access by assigning them roles.
Attribute-Based Access Control (ABAC)
Attribute-based access control is an access model that grants or denies access by evaluating policies against attributes of the user, resource, action, and environment.
Software Bill of Materials (SBOM)
A software bill of materials is a formal, machine-readable inventory of all components, libraries, and dependencies that make up a piece of software, along with their versions and relationships.
Software Supply Chain Security
Software supply chain security is the practice of protecting every stage of building and delivering software, from dependencies and build systems to distribution, against tampering and compromise.
Attestation
An attestation is a signed, machine-readable statement about a software artifact — such as how it was built or what it contains — that a consumer can cryptographically verify.
Provenance
Provenance is verifiable metadata that records where a software artifact came from and how it was built — its source, build system, and inputs — so consumers can trace and trust it.
DSSE (Dead Simple Signing Envelope)
DSSE is a standard format for wrapping a payload together with its signature so the signed content and its type are bound and tamper-evident.
SLSA (Supply-chain Levels for Software Artifacts)
SLSA is a security framework that defines graduated levels of build integrity and provenance for software artifacts, so teams can measure and improve how trustworthy their builds are.
Common Vulnerabilities and Exposures (CVE)
CVE is a public, standardized catalog that assigns a unique identifier to each publicly disclosed cybersecurity vulnerability, enabling consistent reference across tools and organizations.
Common Vulnerability Scoring System (CVSS)
CVSS is an open standard for rating the severity of security vulnerabilities, producing a numerical score from 0 to 10 based on their characteristics and potential impact.
Threat Modeling
Threat modeling is a structured process for identifying, analyzing, and prioritizing potential security threats to a system early in design, so defenses can be planned against them.
GraphQL
GraphQL is a query language and runtime for APIs that lets clients request exactly the fields they need from a single endpoint, returning a precisely shaped response.
gRPC
gRPC is a high-performance remote procedure call framework that uses HTTP/2 for transport and Protocol Buffers for compact, strongly typed message serialization.
Webhook
A webhook is an HTTP callback that one system sends to a user-supplied URL when an event occurs, pushing data to subscribers instead of requiring them to poll for changes.
Rate Limiting
Rate limiting is a technique that caps how many requests a client may make to a service within a time window, protecting capacity and enforcing fair usage.
Idempotency
Idempotency is the property that performing an operation multiple times produces the same result as performing it once, making safe retries possible in distributed systems.
Pagination
Pagination is the practice of dividing a large result set into smaller, ordered pages so that an API returns data in manageable chunks rather than all at once.
OpenAPI
OpenAPI is a language-agnostic specification for describing HTTP APIs in a machine-readable document, enabling shared contracts, documentation, and code generation.
JSON
JSON (JavaScript Object Notation) is a lightweight, text-based data interchange format that represents structured data as key-value objects and arrays.
Protocol Buffers
Protocol Buffers is a language-neutral, binary serialization format from Google that uses a schema definition to encode structured data compactly and efficiently.
WebSocket
WebSocket is a protocol that provides a persistent, full-duplex communication channel over a single TCP connection, enabling real-time two-way data exchange between client and server.
Server-Sent Events
Server-Sent Events (SSE) is a web standard that lets a server push a continuous, one-way stream of text updates to a client over a single long-lived HTTP connection.
HTTP/2
HTTP/2 is a major revision of the HTTP protocol that adds request multiplexing, header compression, and server push over a single connection to improve web performance.
HTTP/3
HTTP/3 is the third major version of HTTP, running over the QUIC transport on UDP to eliminate transport-level head-of-line blocking and speed up connection setup.
TCP
TCP (Transmission Control Protocol) is a core transport protocol that provides reliable, ordered, connection-oriented delivery of a byte stream between two hosts.
UDP
UDP (User Datagram Protocol) is a lightweight, connectionless transport protocol that sends datagrams without delivery guarantees, favoring low latency over reliability.
DNS
DNS (Domain Name System) is the internet's distributed naming system that translates human-readable domain names into the IP addresses needed to locate servers.
TLS
TLS (Transport Layer Security) is a cryptographic protocol that secures network communication by providing encryption, integrity, and authentication between two parties.
CORS
CORS (Cross-Origin Resource Sharing) is a browser security mechanism that uses HTTP headers to let a server permit web pages from other origins to access its resources.
Latency
Latency is the time delay between a request being made and the corresponding response beginning to arrive, typically measured as round-trip time in milliseconds.
Continuous Integration (CI)
A practice where developers merge code changes into a shared repository frequently, with each merge automatically built and tested to catch integration problems early.
Continuous Delivery (CD)
A practice where software is kept in a releasable state at all times, with every change automatically built, tested, and prepared for deployment, leaving the final release as a manual decision.
Continuous Deployment
A practice where every change that passes the automated pipeline is released to production automatically, with no manual approval step.
GitOps
An operational model in which the desired state of infrastructure and applications is declared in a Git repository and automatically reconciled into the running environment by an agent.
Canary Deployment
A release strategy in which a new version is rolled out to a small subset of users or servers first, so its behavior can be observed before exposing the whole user base.
Observability
The degree to which the internal state of a system can be understood from the external data it produces, typically its metrics, logs, and traces.
Telemetry
The automated collection and transmission of measurement data from a running system to a remote location for monitoring and analysis.
Distributed Tracing
A technique that follows a single request as it propagates across multiple services, recording timing and context at each step to reveal the end-to-end path.
Span
The basic unit of work in distributed tracing, representing a single named, timed operation with a start, an end, and contextual attributes.
Metric
A numeric measurement of some aspect of a system captured over time, such as request rate, error count, or memory usage, used for monitoring and alerting.
Structured Logging
The practice of emitting log entries as machine-readable structured data, typically key-value pairs or JSON, rather than free-form text strings.
Service Level Objective (SLO)
A target value or range for a service level indicator over a period of time, expressing the desired level of reliability for a service.
Service Level Indicator (SLI)
A quantitative measure of a specific aspect of a service's level of service, such as the proportion of successful requests or requests served within a latency threshold.
Error Budget
The maximum amount of unreliability a service is allowed over a period, calculated as the difference between 100% and its service level objective.
Toil
Manual, repetitive, automatable operational work that scales linearly with service size and provides no lasting value, a key target for reduction in site reliability engineering.
Incident Management
The coordinated process for detecting, responding to, mitigating, and resolving unplanned disruptions to a service, then learning from them.
Postmortem
A written, blameless analysis produced after an incident that documents what happened, the impact, the root causes, and the actions to prevent recurrence.
On-Call
An arrangement in which designated engineers are available to respond to alerts and incidents outside normal working hours, usually on a rotating schedule.
Mean Time to Recovery (MTTR)
The average time taken to restore a service after a failure, measured from the start of an incident to its resolution.
Monolith
A monolith is an application built and deployed as a single, unified unit, where all functionality runs in one process or codebase rather than being split into independent services.
Modular Monolith
A modular monolith is a single deployable application whose internal code is organized into well-isolated modules with explicit boundaries, combining a monolith's simple operations with microservice-style separation of concerns.
Domain-Driven Design
Domain-driven design (DDD) is a software design approach that models software closely on the business domain, using a shared language between developers and domain experts and organizing the system around bounded contexts.
CQRS (Command Query Responsibility Segregation)
CQRS is a pattern that separates the model used to change data (commands) from the model used to read data (queries), allowing each side to be optimized, scaled, and evolved independently.
Event Sourcing
Event sourcing is a pattern that stores the full history of changes to application state as an immutable sequence of events, reconstructing current state by replaying those events rather than storing only the latest snapshot.
Idempotent Operation
An idempotent operation produces the same result whether it is performed once or many times, so repeating it has no additional effect beyond the first successful application.
Concurrency
Concurrency is the ability of a system to make progress on multiple tasks during overlapping time periods, structuring work so tasks can be interleaved, regardless of whether they execute simultaneously.
Parallelism
Parallelism is the simultaneous execution of multiple computations, typically across several CPU cores or machines, to complete work faster than sequential execution.
Immutability
Immutability is the property of data that cannot be changed after it is created; modifications produce new values instead of altering the original, which simplifies reasoning and concurrency.
Pure Function
A pure function always returns the same output for the same input and has no side effects, meaning it does not read or modify any state outside its own arguments.
Dependency Injection
Dependency injection is a design technique in which an object receives the other objects it depends on from an external source rather than creating them itself, improving testability and decoupling.
Garbage Collection
Garbage collection is automatic memory management in which a runtime reclaims memory occupied by objects that are no longer reachable by the program, freeing developers from manual deallocation.
Memory Safety
Memory safety is the property of a program that prevents invalid memory access such as buffer overflows, use-after-free, and null pointer dereferences, eliminating a major source of bugs and security vulnerabilities.
Type System
A type system is a set of rules in a programming language that assigns types to values and expressions and governs how they may be combined, catching certain classes of errors before or during execution.
Static Typing
Static typing is a language approach in which the types of variables and expressions are known and checked at compile time, before the program runs, catching type errors early.
Dynamic Typing
Dynamic typing is a language approach in which variable types are checked at run time rather than compile time, allowing variables to hold values of any type and offering flexibility at the cost of later error detection.
Compilation
Compilation is the process of translating source code written in a programming language into a lower-level form, such as machine code or bytecode, that a machine or runtime can execute.
Interpretation
Interpretation is the execution of a program by directly reading and running its source code or an intermediate representation, statement by statement, without first compiling it to native machine code.
Test-Driven Development
Test-driven development (TDD) is a software practice in which developers write a failing automated test before writing the code to make it pass, then refactor, repeating in short cycles.
Mocking
Mocking is a testing technique that replaces a real dependency with a controllable stand-in object, letting a test isolate the code under test and verify how it interacts with that dependency.
MIT License
The MIT License is a short, permissive open-source license that lets anyone use, modify, and distribute the software with almost no restrictions, as long as the original copyright and license notice are kept.
ISC License
The ISC License is a permissive open-source license functionally equivalent to the MIT and simplified BSD licenses, using simpler wording.
Apache License 2.0
The Apache License 2.0 is a permissive open-source license that adds an explicit patent grant and attribution requirements on top of MIT-style permissions.
BSD 3-Clause License
The BSD 3-Clause ("New" or "Modified" BSD) License is a permissive license that also forbids using the project's name or contributors to endorse derived products.
BSD 2-Clause License
The BSD 2-Clause ("Simplified" or "FreeBSD") License is a permissive license requiring only that the copyright notice and disclaimer be retained.
GNU GPL v3.0
The GNU General Public License v3.0 is a strong copyleft license: derivative works that are distributed must also be released under the GPL with their source code.
GNU GPL v2.0
The GNU General Public License v2.0 is a widely used strong copyleft license (used by the Linux kernel) requiring distributed derivatives to be released under GPL with source.
GNU LGPL v3.0
The GNU Lesser General Public License v3.0 is a weak copyleft license that lets proprietary software link to the library, while changes to the library itself stay open.
Mozilla Public License 2.0
The Mozilla Public License 2.0 is a file-level (weak) copyleft license: changes to MPL-licensed files must be shared, but they can be combined with proprietary code.
GNU AGPL v3.0
The GNU Affero General Public License v3.0 extends the GPL to network use: users who interact with the software over a network must be offered its source code.
The Unlicense
The Unlicense is a public-domain dedication that releases software with no conditions, letting anyone use it for any purpose without attribution.
CC0 1.0
CC0 1.0 is a Creative Commons public-domain dedication that waives copyright to the fullest extent the law allows; it is common for data and content.
Software Drift
Software drift is the growing gap between the dependencies, runtimes, and frameworks a codebase actually uses and their current, supported versions.
DriftScore
DriftScore is Vibgrate’s 0–100 measure of maintainability drift — how far a stack has moved from current, supported baselines — where 0 is fully current and 100 is maximum drift.
RiskScore
RiskScore is Vibgrate’s 0–100 measure of security and business exposure — the probability and consequence of harm right now — where 0 is safest and 100 is maximum risk.
DriftRisk™
DriftRisk™ is Vibgrate’s derived 0–100 executive headline, computed purely from DriftScore and RiskScore — one number for how much pressure a codebase puts on the team to act.
Exploit Prediction Scoring System (EPSS)
EPSS is a daily-updated probability estimate from FIRST, scoring each CVE from 0 to 1 on how likely it is to be exploited in the wild within the next 30 days.
Known Exploited Vulnerabilities (KEV) Catalog
The KEV catalog is CISA’s authoritative list of vulnerabilities with reliable evidence of active exploitation in the wild — confirmed fact, not prediction.
Likely Exploited Vulnerabilities (LEV)
LEV is a proposed NIST metric (CSWP 41) that estimates, from a CVE’s EPSS history, the cumulative probability the vulnerability has ever been exploited — a conservative lower bound.
Open Source Vulnerabilities (OSV)
OSV is a distributed vulnerability database and schema for open-source software, aggregating ecosystem advisory feeds with precise, package-native version matching.
GitHub Security Advisories (GHSA)
GHSA is GitHub’s curated database of security advisories for open-source packages, with maintainer-reviewed affected-version ranges and fix versions.
National Vulnerability Database (NVD)
The NVD is NIST’s database that enriches CVE records with CVSS severity scores, product identifiers, and reference data.
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC is a decision-tree methodology from CMU SEI and CISA that prioritizes vulnerabilities by contextual facts — exploitation status, automatability, and mission impact — rather than a single severity number.
Reachability Analysis
Reachability analysis determines whether the vulnerable code inside a dependency is actually invoked by your application, separating exploitable findings from theoretical ones.
Libyear
A libyear is the calendar time between the dependency version you use and the latest stable release — a simple, ecosystem-comparable measure of dependency freshness.
Lockfile
A lockfile records the exact, resolved version of every dependency in a project — direct and transitive — so installs are reproducible and the true dependency set is auditable.
End of Life (EOL)
End of life is the date after which a software version no longer receives support or security patches from its maintainer — leaving any vulnerability found afterwards permanently unpatched on that version.
Code Drift
Code drift is how far a codebase — and the AI writing in it — has moved away from current, correct, well-understood truth: current versions, correct APIs, and an accurate picture of the code's own structure.
Dependency Drift
Dependency drift is the growing gap between the dependency versions a project declares and the current, supported releases of those same packages.
AI Context Drift
AI context drift is the gap between the context an AI coding assistant works from — its training data and generic docs — and the exact versions and structure of the codebase it is editing.
Drift Budget
A drift budget is a maximum acceptable DriftScore that a project agrees not to exceed, enforced automatically in CI so drift cannot quietly grow back.
Software Currency
Software currency is how up to date a system's components are relative to their current, supported releases — the positive framing of low drift.