Software Development Glossary

Definitions for code quality, security testing, and development terminology — from AI code review to zero trust security.

A

Agile Software Development

Agile software development is a methodology that delivers working software in small, frequent increments so the team can adapt to changing requirements and market demand.

AI Code Review

The use of artificial intelligence and machine learning models to automatically analyze source code for bugs, security vulnerabilities, and quality issues during the development process.

Alpha Testing

Alpha testing is the process where developers and QA teams within the organization test the app to identify bugs and missing features.

Asynchronous Programming

Asynchronous programming is a programming model where operations take place in a non-sequential fashion.

B

Backtracking

Backtracking is a method for solving constraint-based problems incrementally: a partial solution is extended one step at a time, and any path is abandoned as soon as it verifiably cannot satisfy the constraints.

Beta Testing

Beta testing is the second level of testing in which users outside the organization test the application and report bugs or request features before releasing it to a broad audience.

Blackbox Testing

A software testing method that examines functionality without knowledge of internal code structure, focusing on inputs and outputs.

C

Code Refactoring

Refactoring is the process of restructuring existing code without changing its external behavior, generally undertaken to remove code smells and reduce or eliminate technical debt.

Code Smell

A code smell is an occurrence of poor patterns that indicate more profound issues with the system design and necessitate refactoring.

Command Line Interface (CLI)

A command-line interface, often abbreviated as CLI, is a computer interface where the primary form of input and output is text.

Container Security

Container security encompasses the tools, policies, and practices for protecting containerized applications and infrastructure throughout the entire container lifecycle.

Continuous Delivery

A software development practice of ensuring that the latest changes to the software are always in a deployable state, so that a release can be made at any time.

Continuous Integration

A development practice in which changes to code are integrated into a shared repository frequently, preferably several times a day, with each integration verified by an automated build and test run.

Continuous Quality

Software engineering practice in which isolated code changes are immediately analyzed to detect defects before they are added to the code base.

Cross Browser Testing

Cross browser testing is the process of testing a web app frontend on different browsers and versions to ensure it works as intended.

CVE (Common Vulnerabilities and Exposures)

A standardized system for identifying and cataloging publicly known cybersecurity vulnerabilities, providing unique identifiers that enable coordination across the security industry. Each CVE identifier names one specific vulnerability in a specific product, whereas a CWE identifier names a class of weakness.

CWE (Common Weakness Enumeration)

A community-developed catalog of software and hardware weakness types, providing standardized identifiers and descriptions for the classes of flaws (such as buffer overflows or SQL injection) that underlie specific vulnerabilities.

Cyclomatic Complexity

Cyclomatic complexity is the number of linearly independent paths through which control may flow in a program or function. It equals the number of decision points (branches) plus one, so a higher value means more paths to test and review.
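As an added example (not code from this page or from any product it describes), the following Python script computes cyclomatic complexity for each top-level function in a source string by counting decision points in the AST and adding one. The sample function and the set of counted node types are my assumptions; real tools differ slightly in which constructs they count.

```python
import ast

# Constructed sample function, used only to exercise the counter below.
SAMPLE = '''
def check_access(user, resource):
    if user is None:
        return False
    if user.is_admin or resource.owner == user.id:
        return True
    for grant in resource.grants:
        if grant.user == user.id and not grant.expired:
            return True
    return False
'''


class _DecisionCounter(ast.NodeVisitor):
    """Counts decision points (branches) inside one function body."""

    def __init__(self) -> None:
        self.decisions = 0

    def visit_If(self, node: ast.If) -> None:
        self.decisions += 1
        self.generic_visit(node)

    def visit_For(self, node: ast.AST) -> None:
        self.decisions += 1
        self.generic_visit(node)

    visit_AsyncFor = visit_For
    visit_While = visit_For

    def visit_ExceptHandler(self, node: ast.ExceptHandler) -> None:
        self.decisions += 1
        self.generic_visit(node)

    def visit_IfExp(self, node: ast.IfExp) -> None:
        self.decisions += 1
        self.generic_visit(node)

    def visit_BoolOp(self, node: ast.BoolOp) -> None:
        # `a and b and c` short-circuits: one extra path per extra operand.
        self.decisions += len(node.values) - 1
        self.generic_visit(node)

    def visit_comprehension(self, node: ast.comprehension) -> None:
        # The loop itself plus every `if` filter clause.
        self.decisions += 1 + len(node.ifs)
        self.generic_visit(node)

    def visit_FunctionDef(self, node: ast.AST) -> None:
        # Nested functions are scored separately, so do not descend into them.
        return None

    visit_AsyncFunctionDef = visit_FunctionDef


def cyclomatic_complexity(source: str) -> dict[str, int]:
    """Return {function name: complexity} for every top-level function in `source`."""
    scores: dict[str, int] = {}
    for node in ast.parse(source).body:
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            counter = _DecisionCounter()
            for statement in node.body:
                counter.visit(statement)
            scores[node.name] = counter.decisions + 1  # decision points + 1
    return scores


def functions_over(source: str, threshold: int = 10) -> list[str]:
    """Names of functions whose complexity exceeds `threshold` (10 is McCabe's classic limit)."""
    return [name for name, score in cyclomatic_complexity(source).items() if score > threshold]


if __name__ == "__main__":
    print(cyclomatic_complexity(SAMPLE))   # {'check_access': 7}
```

For the sample, the four `if`/`for` statements contribute one path each and the two `and`/`or` expressions one more each, giving six decision points and a complexity of 7. Functions that exceed a threshold of about 10 are the usual candidates for splitting, because every additional path is another case a reviewer, a test suite, and a static analyzer must cover.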

D

Data abstraction

Data abstraction is a design principle that separates the external interface of a data type from its internal representation, so that clients depend only on the operations exposed and not on how the data is stored.

Dependency Graph

A dependency graph is a directed graph whose nodes are the entities of a system (modules, packages, build targets) and whose edges record which entity depends on which; it is used to order builds and to find transitive dependencies.

Dependency Hell

Dependency hell refers to the challenges and complications that arise when dealing with multiple software dependencies and their conflicting version requirements.

Domain Name System (DNS)

Domain name system (DNS) maps a human-friendly domain name to the corresponding IP address and stores other domain-related info.

Dynamic Analysis

The process of analyzing software by executing the program and observing its behavior at runtime to find bugs, performance issues, and security vulnerabilities.

Dynamic Programming

Dynamic programming solves problems made of overlapping subproblems by computing each subproblem once and storing its result, either top-down with memoization or bottom-up with tabulation.
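As an added example (my code, not from this page), both dynamic programming styles are shown on the same problem, Levenshtein edit distance, which has a direct supply-chain use: flagging a package name that sits one or two edits away from a popular one, the pattern behind typosquatting. The list of "popular" names is constructed for the example, and the distance threshold of 2 is my assumption.

```python
from functools import lru_cache


def edit_distance_tabulated(a: str, b: str) -> int:
    """Bottom-up DP: fill a (len(a)+1) x (len(b)+1) table of prefix distances."""
    rows, cols = len(a) + 1, len(b) + 1
    table = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        table[i][0] = i            # turning a[:i] into "" takes i deletions
    for j in range(cols):
        table[0][j] = j            # turning "" into b[:j] takes j insertions
    for i in range(1, rows):
        for j in range(1, cols):
            substitute = 0 if a[i - 1] == b[j - 1] else 1
            table[i][j] = min(table[i - 1][j] + 1,              # delete a[i-1]
                              table[i][j - 1] + 1,              # insert b[j-1]
                              table[i - 1][j - 1] + substitute) # match/replace
    return table[rows - 1][cols - 1]


def edit_distance_memoized(a: str, b: str) -> int:
    """Top-down DP: the naive recursion, with each (i, j) subproblem cached."""

    @lru_cache(maxsize=None)
    def dist(i: int, j: int) -> int:
        if i == 0:
            return j
        if j == 0:
            return i
        substitute = 0 if a[i - 1] == b[j - 1] else 1
        return min(dist(i - 1, j) + 1,
                   dist(i, j - 1) + 1,
                   dist(i - 1, j - 1) + substitute)

    return dist(len(a), len(b))


# Constructed reference set of well-known package names (illustrative only).
POPULAR_PACKAGES = ["requests", "urllib3", "numpy", "cryptography"]


def typosquat_candidates(name: str, popular=POPULAR_PACKAGES,
                         max_distance: int = 2) -> list[str]:
    """Popular names within `max_distance` edits of `name`, excluding an exact match."""
    return [p for p in popular
            if p != name and edit_distance_tabulated(name, p) <= max_distance]


if __name__ == "__main__":
    print(edit_distance_tabulated("kitten", "sitting"))  # 3
    print(typosquat_candidates("requets"))               # ['requests']
```

Both functions compute the same value; the tabulated version uses O(len(a) * len(b)) memory with no recursion, while the memoized version only evaluates the subproblems the recursion actually touches. A near-miss such as `requets` is not proof of malice, but it is the kind of dependency name that should be looked at before it is allowed into a lockfile.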

E

Exception Handling

Exception handling is the process of detecting and responding to error conditions in a program when they occur, so that the application can recover or fail in a controlled way instead of crashing.

F

False Positive Rate

The proportion of non-issues incorrectly flagged as problems by an analysis tool, measured as false positives divided by the total number of negative cases (false positives plus true negatives).

Functional Programming

A declarative programming style that treats computation as the evaluation of mathematical functions.

G

Git

Git is a free and open-source distributed version control system designed to achieve speed and efficiency even in large projects; every object in its history is addressed by a cryptographic hash of its content.

H

Hybrid Code Analysis

A code analysis approach that combines traditional static analysis with AI-powered review, with the goal of higher accuracy and a lower false positive rate than either method achieves alone.

I

IDE

An IDE (integrated development environment) is a kind of application that facilitates software developers in writing code.

Incremental Development

A method of software development where the product is designed, implemented and tested incrementally until the product is finished.

Infrastructure as Code Security

Infrastructure as Code (IaC) security focuses on identifying and preventing security misconfigurations, such as overly permissive network rules or publicly readable storage, in infrastructure automation scripts and templates before they are deployed.
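As an added example (my code, not from this page), here is a minimal IaC check written in Python over Terraform's JSON syntax: it flags any security-group ingress rule that exposes an administrative port to the whole internet. The two templates, the resource names, the CIDRs and the list of "administrative" ports are all constructed for the example.

```python
import json

# Constructed Terraform JSON-syntax document (.tf.json) with the weak setting:
# SSH (22) reachable from anywhere. Names and addresses are hypothetical.
WEAK_TF_JSON = '''
{
  "resource": {
    "aws_security_group": {
      "bastion": {
        "name": "bastion-sg",
        "ingress": [
          {"from_port": 22,  "to_port": 22,  "protocol": "tcp",
           "cidr_blocks": ["0.0.0.0/0"]},
          {"from_port": 443, "to_port": 443, "protocol": "tcp",
           "cidr_blocks": ["0.0.0.0/0"]}
        ]
      }
    }
  }
}
'''

# The corrected template: SSH restricted to a (hypothetical) corporate range.
HARDENED_TF_JSON = '''
{
  "resource": {
    "aws_security_group": {
      "bastion": {
        "name": "bastion-sg",
        "ingress": [
          {"from_port": 22,  "to_port": 22,  "protocol": "tcp",
           "cidr_blocks": ["10.20.0.0/16"]},
          {"from_port": 443, "to_port": 443, "protocol": "tcp",
           "cidr_blocks": ["0.0.0.0/0"]}
        ]
      }
    }
  }
}
'''

ADMIN_PORTS = {22, 3389, 3306, 5432}       # SSH, RDP, MySQL, PostgreSQL (my choice)
PUBLIC_CIDRS = {"0.0.0.0/0", "::/0"}       # "anywhere" for IPv4 and IPv6


def _opens_admin_port(rule: dict) -> bool:
    """True if the ingress rule covers an administrative port (or all ports)."""
    if str(rule.get("protocol")) == "-1":  # Terraform: -1 means all protocols and ports
        return True
    lo, hi = int(rule.get("from_port", 0)), int(rule.get("to_port", 0))
    return any(lo <= port <= hi for port in ADMIN_PORTS)


def _is_public(rule: dict) -> bool:
    cidrs = set(rule.get("cidr_blocks", [])) | set(rule.get("ipv6_cidr_blocks", []))
    return bool(cidrs & PUBLIC_CIDRS)


def scan_security_groups(tf_json: str) -> list[str]:
    """One finding per ingress rule that exposes an admin port to the internet."""
    findings: list[str] = []
    groups = json.loads(tf_json).get("resource", {}).get("aws_security_group", {})
    for name, body in groups.items():
        rules = body.get("ingress", [])
        if isinstance(rules, dict):           # JSON syntax allows a single block object
            rules = [rules]
        for rule in rules:
            if _is_public(rule) and _opens_admin_port(rule):
                findings.append(
                    f"aws_security_group.{name}: ingress {rule.get('protocol')} "
                    f"{rule.get('from_port')}-{rule.get('to_port')} open to the internet")
    return findings


if __name__ == "__main__":
    print(scan_security_groups(WEAK_TF_JSON))      # one finding for port 22
    print(scan_security_groups(HARDENED_TF_JSON))  # []
```

The HTTPS rule is left open in both templates on purpose: a public web port is a design decision, while a public SSH port is almost always a mistake, so the check flags only the latter. A real IaC scanner runs the same kind of rule set against every plan in CI, before `apply`, which is where the "prevent" half of the definition above comes from.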

Iterative Development

A method of software development where a rudimentary version of the entire product is iterated on multiple times to get the final product.

J

JSON

JSON (JavaScript Object Notation) is a standard data interchange format used to transmit and store serialized data as text.

M

Machine Learning (ML)

Machine learning (ML) is the study of algorithms and models that learn from large data sets and make predictions or decisions on new data.

MCP (Model Context Protocol)

An open protocol that enables AI assistants and coding agents to interact with external tools, data sources, and services through a standardized interface.

Memory Safety

Memory safety is the property of a program or language that rules out errors such as buffer overflows, use-after-free, and uninitialized reads, which otherwise lead to undefined behavior and exploitable security vulnerabilities.

O

Object-Oriented Programming

Object-oriented programming is a programming paradigm built on the concept of objects that contain both data and code to modify the data.

OWASP Top 10

A regularly updated list of the ten most critical web application security risks, published by the Open Worldwide Application Security Project (OWASP) to guide developers and security teams.

P

Pair Programming

Pair programming is a technique in which two programmers, a driver who writes the code and an observer (or navigator) who reviews each line as it is typed, work together at the same workstation.

Performance Testing

Performance testing is a form of testing that tests the speed, response time, and resource usage of software under a particular workload.

PR Report Card

A structured summary of code quality metrics for a pull request, grading changes across dimensions like security, reliability, complexity, and test coverage.

Procedural Programming

Procedural programming is a programming paradigm built around the idea that programs are sequences of instructions to be executed.

Pseudocode

Pseudocode is a plain language description of a computer program intended to be understood by a human rather than executed by a computer.

R

Rapid Prototyping

Rapid prototyping is the process of iterating prototypes from low to high fidelity in fast feedback loops involving extensive user reviews.

Reachability Analysis

Reachability analysis is a technique that determines whether vulnerable code in a dependency is actually reachable along an execution path from the application's own code, helping prioritize findings and reduce false positives in security scanning.

Reactive Programming

Reactive programming is a declarative paradigm that is primarily concerned with the propagation of change in data to all its consumers.

Regression Testing

The process of re-running functional and non-functional tests to verify the correctness of a software after a change.

S

SANS Top 25

A list of the most dangerous software weaknesses that lead to security vulnerabilities, originally developed by the SANS Institute and MITRE as the CWE/SANS Top 25 and now maintained by MITRE as the CWE Top 25, to guide secure development practices.

SAST vs DAST

SAST (Static Application Security Testing) inspects source code or binaries without running them, while DAST (Dynamic Application Security Testing) probes a running application from the outside; the two are complementary approaches to identifying security vulnerabilities in applications.

SCA (Software Composition Analysis)

The process of identifying open source and third-party components in a codebase, cataloging their licenses, and detecting known vulnerabilities in those dependencies.
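The Dependency Graph, Reachability Analysis and SCA entries describe three steps of one pipeline, so here is one added example (my code, not from this page) that runs them together: walk the dependency graph to find what the application really pulls in, match installed versions against advisories, then ask whether the vulnerable function is on a call path from the application's entry point. Every package name, version, advisory ID and call-graph edge below is constructed for the example and describes no real software.

```python
from collections import deque

# Constructed dependency graph: package -> packages it depends on.
DEPENDENCIES = {
    "myapp": ["webkit-lite", "imgtool"],
    "webkit-lite": ["fastjson-py"],
    "imgtool": ["fastjson-py", "libzip-py"],
    "fastjson-py": [],
    "libzip-py": [],
}
# Constructed lockfile contents.
INSTALLED = {"webkit-lite": "2.3.0", "imgtool": "1.0.1",
             "fastjson-py": "0.9.2", "libzip-py": "3.1.0"}
# Hypothetical advisories (not real CVEs): affected package, first fixed version,
# and the function that carries the flaw.
ADVISORIES = [
    {"id": "ADV-0001", "package": "fastjson-py", "fixed_in": "1.0.0",
     "function": "fastjson_py.loads_unsafe"},
    {"id": "ADV-0002", "package": "libzip-py", "fixed_in": "3.2.0",
     "function": "libzip_py.extract_all"},
]
# Constructed call graph: caller -> callees.
CALL_GRAPH = {
    "myapp.main": ["myapp.handle_upload", "webkit_lite.render"],
    "myapp.handle_upload": ["imgtool.resize"],
    "imgtool.resize": ["fastjson_py.loads_unsafe"],
    "imgtool.archive": ["libzip_py.extract_all"],  # shipped in imgtool, never called by myapp
    "webkit_lite.render": [],
}


def parse_version(text: str) -> tuple[int, ...]:
    """'1.2.3' -> (1, 2, 3) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in text.split("."))


def transitive_dependencies(graph: dict, root: str) -> list[str]:
    """Breadth-first walk of the dependency graph; cycles are tolerated."""
    seen, order, queue = {root}, [], deque([root])
    while queue:
        node = queue.popleft()
        for dep in graph.get(node, []):
            if dep not in seen:
                seen.add(dep)
                order.append(dep)
                queue.append(dep)
    return order


def vulnerable_components(installed: dict, advisories: list) -> list[dict]:
    """SCA step: advisories whose package is installed below the fixed version."""
    return [adv for adv in advisories
            if adv["package"] in installed
            and parse_version(installed[adv["package"]]) < parse_version(adv["fixed_in"])]


def is_reachable(call_graph: dict, entry: str, target: str) -> bool:
    """Reachability step: is `target` on some call path starting at `entry`?"""
    seen, queue = {entry}, deque([entry])
    while queue:
        fn = queue.popleft()
        if fn == target:
            return True
        for callee in call_graph.get(fn, []):
            if callee not in seen:
                seen.add(callee)
                queue.append(callee)
    return False


def triage(graph: dict, installed: dict, advisories: list, call_graph: dict,
           entry: str, root: str = "myapp") -> list[tuple[str, bool]]:
    """Advisories on packages in our tree, each tagged with whether its flaw is reachable."""
    in_tree = set(transitive_dependencies(graph, root))
    results = []
    for adv in vulnerable_components(installed, advisories):
        if adv["package"] in in_tree:
            results.append((adv["id"], is_reachable(call_graph, entry, adv["function"])))
    return results


if __name__ == "__main__":
    print(triage(DEPENDENCIES, INSTALLED, ADVISORIES, CALL_GRAPH, "myapp.main"))
    # [('ADV-0001', True), ('ADV-0002', False)]
```

Both advisories match installed versions, but only the first is reachable from `myapp.main`, so it goes to the top of the queue. The second should be lowered in priority rather than closed: a static call graph misses reflection, dynamic dispatch and code paths added next week, and the cheapest fix is still to upgrade the package.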

Shift Left Security

Shift Left Security is the practice of integrating security testing and controls earlier in the software development lifecycle to catch and fix issues sooner.

Smoke Testing

A preliminary testing approach that verifies core functionality works before conducting more detailed testing.

Software Rot

Gradual deterioration of software over time, typically because its environment, dependencies, and requirements change around it, leading to it becoming buggy and eventually unusable.

Spaghetti Code

Unstructured, tangled code that is difficult to understand, maintain, and modify due to poor organization and excessive interdependencies.

Static Analysis

The process of analyzing source code to find bugs, security vulnerabilities, and quality issues without executing the program.

Structured Programming

Structured programming is composing programs from sequences of blocks (sequence, selection, iteration), each with a single entry point and a single exit point, making them easier to understand and reason about.

Supply Chain Security

Supply chain security focuses on protecting software development and delivery processes from security threats that can occur through third-party dependencies and tools.

T

Taint analysis

Taint analysis is a program analysis technique that marks data from untrusted sources (such as user input) and tracks its flow through the program to sensitive sinks (such as command execution or database queries), reporting where it arrives without passing through a sanitizer.
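As an added example (my code, not from this page or any product it describes), the following is a small static taint tracker in Python that serves the Static Analysis, SAST and Taint analysis entries: it walks the AST of a source string, marks variables assigned from known sources, clears the mark when a sanitizer is applied, and reports each sink call that receives tainted data. The lists of sources, sinks and sanitizers and the sample program are my assumptions; a production SAST tool tracks many more of each and follows data across function boundaries.

```python
import ast

# Assumed source/sink/sanitizer lists, keyed by dotted call name.
SOURCES = {"input", "request.args.get", "os.environ.get"}
SINKS = {"os.system", "subprocess.call", "eval", "cursor.execute"}
SANITIZERS = {"shlex.quote", "int"}

# Constructed sample program to analyze (not executed, only parsed).
SAMPLE = '''
import os, shlex
def run(request):
    name = request.args.get("name")
    safe = shlex.quote(name)
    os.system("echo " + safe)          # sanitized: no finding
    os.system("ls " + name)            # tainted argument: finding
    count = int(request.args.get("n"))
    eval("2 * " + str(count))          # int() sanitized it: no finding
'''


def _dotted(node: ast.AST):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


class TaintTracker(ast.NodeVisitor):
    """Intra-procedural, flow-insensitive taint tracking over simple assignments."""

    def __init__(self) -> None:
        self.tainted: set[str] = set()
        self.findings: list[tuple[int, str]] = []

    def is_tainted(self, node: ast.AST) -> bool:
        if isinstance(node, ast.Name):
            return node.id in self.tainted
        if isinstance(node, ast.Call):
            fn = _dotted(node.func)
            if fn in SOURCES:
                return True
            if fn in SANITIZERS:
                return False              # sanitizer output is considered clean
            return any(self.is_tainted(a) for a in node.args)
        if isinstance(node, ast.BinOp):   # "ls " + name propagates taint
            return self.is_tainted(node.left) or self.is_tainted(node.right)
        if isinstance(node, ast.JoinedStr):  # f-strings propagate taint too
            return any(self.is_tainted(v.value) for v in node.values
                       if isinstance(v, ast.FormattedValue))
        if isinstance(node, ast.Subscript):
            return self.is_tainted(node.value)
        return False

    def visit_Assign(self, node: ast.Assign) -> None:
        tainted = self.is_tainted(node.value)
        for target in node.targets:
            if isinstance(target, ast.Name):
                if tainted:
                    self.tainted.add(target.id)
                else:
                    self.tainted.discard(target.id)   # reassigned from clean data
        self.generic_visit(node)

    def visit_Call(self, node: ast.Call) -> None:
        fn = _dotted(node.func)
        if fn in SINKS and any(self.is_tainted(a) for a in node.args):
            self.findings.append((node.lineno, fn))
        self.generic_visit(node)


def find_taint_flows(source: str) -> list[tuple[int, str]]:
    """Return (line number, sink) for every sink call reached by unsanitized input."""
    tracker = TaintTracker()
    tracker.visit(ast.parse(source))
    return tracker.findings


if __name__ == "__main__":
    print(find_taint_flows(SAMPLE))   # [(7, 'os.system')]
```

The only finding is the `os.system("ls " + name)` call: `name` came straight from the request, while `safe` went through `shlex.quote` and `count` through `int()`. Note what this toy deliberately leaves out, because those gaps are where real tools earn their keep: it does not follow taint into or out of function calls, through container elements, or across branches, and it trusts any listed sanitizer unconditionally.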

Technical Debt

Technical debt is a metaphor for the implied cost of future rework caused by choosing a quick solution now instead of a better approach that would take longer; like financial debt, it accrues interest as the code base grows around it.

Test Coverage

Test coverage is a measure of the degree to which the test suite executes the source code of a program.

Test-Driven Development (TDD)

Test-driven development is the practice of writing tests before the code, where the test suite acts as the specification of requirements.

U

Unit Testing

The process of testing the smallest testable units of a program (functions, methods, or classes) in isolation from the rest of the system, with a series of automated tests for each unit.

Usability Testing

Usability testing is a test of whether users can accomplish their target actions by finding and accessing the features in the software.

User Acceptance Testing

User acceptance testing, usually the final stage of testing, checks whether a software application meets the end users' requirements before it is released.

V

Version Control System (VCS)

Version control systems are software used to manage changes to a codebase over time, so that specific versions can be recalled later and every change can be traced to its author.

Vulnerability Management

Vulnerability Management is the systematic, ongoing process of identifying, evaluating, treating, and reporting on security vulnerabilities in systems, software, and infrastructure to reduce organizational risk.

W

Waterfall Methodology

Waterfall development refers to the methodology of delivering large-scale changes after extended development periods, with requirements, design, implementation, testing, and release carried out as sequential phases.

Web Framework

A web framework is a software library that provides the common building blocks (routing, request handling, templating, data access) for writing web applications and services.

Whitebox Testing

The process of testing a software based on an analysis of the internal structure of the component or system.

X

XML

XML (Extensible Markup Language) is a markup language for encoding documents and transmitting and storing serialized data.

Y

YAML

YAML (YAML Ain't Markup Language) is a human-readable and human-writable data interchange format for storing and transmitting structured information.

Z

Zero Trust Security

Zero Trust Security is a cybersecurity paradigm that eliminates implicit trust based on network location and requires continuous verification of every user, device, and request at every stage of a digital interaction.
