Glossary
Abstract factory Creational design pattern aimed at hiding complexity during object creation.
ACID Properties often used in the context of software transactions. The acronym stands for atomicity, consistency, isolation, and durability.
Adapter Structural design pattern that improves interoperability by wrapping another object, redefining its interface.
Agile Methodology used in project management and software engineering. It is based on the idea of continuous, incremental, and iterative sequences of work (namely, sprints).
Ambiguous interfaces Design smell specific to APIs. It happens when they are not clearly and well defined.
Amdahl’s law Formula that defines how to theoretically measure the speedup introduced by parallelization.
API Application programming interface. It defines how communication is meant to happen between various components, systems, or objects.
Array Basic data structures that store homogeneous elements. These elements can be accessed by means of indexing.
Asset A general term used to refer to anything that is valuable for an organization.
Asymptotic analysis A mathematical approach to limit a behavior. In computer science, it is used to describe the performances of algorithms.
Atomicity In concurrent programming, atomicity refers to an operation that can’t be broken down into multiple pieces and that—as a consequence—is always executed as a single step.
Availability In security, it is fundamental property of a system. It ensures that information is constantly and readily accessible by (authorized) users.
Binary search tree Data structure also known as ordered binary tree. It is a binary tree that is stored as sorted in memory in order to allow fast lookup, add, and remove operations.
Binary tree Data structure organized like a tree that enforces the following property: each node in the tree has at most two children.
Bug pollution Terms used to refer to bugs growing in size and number within in a system. This usually happens when they are not promptly addresses.
Builder Creational design pattern that simplifies the creation of a complex object by breaking down the creation into smaller separated tasks.
Chain of responsibility Behavioral design pattern used to foster decoupling the sender of request from the receiver.
CIA triad In security, a triad that describes the core security principles that needs to be considered for every system. It includes confidentiality, integrity, and availability.
Clean code lifecycle (CCLC) Lifecycle that embraces software development lifecycle (SDLC), secure software development lifecycle (SSDLC), and code review lifecycle (CRLC). It is meant to maintain clean code over time.
Code smell Term coined by Martin Fowler and Kent Beck to call out issues in the code that are indicators of deeper problems within the system.
Code reviews Technique used to systematically examine the codebase to find defects or potential flaws.
Code review lifecycle (CRLC) Lifecycle that ensures, by means of different review types, that the codebase qualitatively improves over time.
Coding conventions Guidelines that vary for each programming language. They include recommendation regarding style, indentation, comments, common practices, and so on.
Coupling The number of dependencies between classes, methods, and interfaces within the code.
Cyclic dependency Design smell also known as circular dependency. It happens when two or more components depend on each other.
Comments Human readable explanation of the purposes and inner working of the source code.
Comments-driven development (CDD) Methodology used in computer programming that is centered on writing plain text description of the code first, then the actual implementation.
Complete mediation Fundamental principle of secure systems. It states that every request by a subject to access an object in the system must be authorized, without any exceptions.
Composite Structural design pattern that aims managing a group of complex objects and single objects exposing similar functionalities in a uniform manner.
Composition In object-oriented programming, composition is a way to group simple objects into more complex ones.
Concurrency Refers to the ability of a software system to execute multiple independent pieces of computation without affecting the final result.
Confidentiality Fundamental property of a secure system. If ensured, only the subjects authorized to access to information within a system can actually do it.
Consistency In concurrent programming, consistency ensures that each operation starts from a valid state, and after its execution, the system is in a valid state as well.
Control structures In programming, it is a code block that changes the sequence of logic that a program executes at runtime.
Core The basic computational unit within a CPU.
Cost benefit analysis (CBA) Approach oftentimes used in project management to estimate the strengths and weaknesses of possible alternatives.
Countermeasure In security, a countermeasure is an action aimed at mitigating the likelihood of a potential risk becoming a reality.
CPU Central processing unit. Basic computational circuit in a computer.
Critical section In concurrent programming, it is a portion of shared code/memory that needs to be protected by concurrent accesses in order to guarantee correctness of the system.
Critical region Alternative name for the critical section.
Data structure Collection of elements, organized according to inner rules. Depending on the internal organization, an interface is provided in order to operate on data. Common operations are access, add, remove, and search.
Deadlock In concurrent programming, a deadlock is an unwanted condition that happens if two or more processes are blocking each other. This happens if each of them is waiting for the release of a given resource from the others.
Decorator Structural design pattern that enables reusability by means of enhancing an object’s behavior.
Defense in depth Fundamental principle in security. It specifies that a system must provide multilayer protection. The core idea is that if one layer is breached, the others can compensate and let the system remain secure.
Design (SDLC) Phase of the software development lifecycle that aims at defining the software architecture, together with coding guidelines, languages and tools, frameworks, and platforms.
Design document specification (DSS) Specification that documents the output of the design phase.
Design pattern Well-known solution for recurrent categories of problems within software systems.
Design smell Indicators of issues at architecture/design level.
Development (SDLC) Phase of the software development lifecycle that aims—as the name says—at actually developing the code according to design document specification (DSS).
Dining philosophers problem In concurrent programming, a problem known for explaining deadlocks and race conditions happening in a concurrent access to shared resources.
Doubly linked list A data structure where each element is represented as a node with a reference to the previous and subsequent element in the list.
Durability In concurrent programming, this property ensures that a transaction performed on the system must persist over time
Facade Structural design pattern that provides a simpler interface for different other more complex interfaces.
Factory method Creational design pattern that simplifies creating objects in such a way that there is no need to specify the specific class that needs to be created.
Fail safe Fundamental security principle. It states that if a system fails, it should fail to a state in which security and data are not compromised.
Fairness Property of concurrent systems that specify how requests are handled and served.
Feature density Design smell that happens when a component implements more than a single functionality.
Firefighting In software development, it is a condition that happens when different priorities (e.g., writing a functionality or fixing a bug) take over on each other causing a lot of context changes.
First lady components Design smell that is exhibited by a component that handles so much logic and functionalities.
FURPS+ Acronym that defines five main categories of software requirements: functional, usability, reliability, performance, and supportability. The + into the acronym indicates a set of additional requirements: implementation, interfaces, packaging, operations, and legal.
Health status In software, it indicates the overall healthiness of the system in terms of design, architecture, code, and processes.
Human resources People participating in the workforce of an organization.
Inheritance Basic property of object-oriented programming that allows a new object to take on and or extend the functionalities of an existing one.
Inline comment Single-line comment, usually used to describe very few lines of code.
Integrity Fundamental security property that ensures that a message, data, or a transaction has not been tampered.
Internet of Things (IoT) Form of distributed computation that interrelates everyday devices including, but not limited to, smartphones, sensors, and embedded devices.
Isolation In concurrent programming, this property ensures that the output of a transaction is not visible to other transactions before it successfully completes.
Iterator Behavioral design pattern that allows to navigate elements within an object, abstracting internal management.
Keywords In programming, they indicated specific terms that are part of the syntax provided by a language.
KISS Acronym of keep it simple stupid. In programming, it is a guideline that suggests to keep the code as simple as possible. The core idea is that by doing so, it would be easier after some time to work on (extend, modify, reuse) the same piece of code.
Lazy initialization Creational design pattern that allows to instantiate an object only when actually required.
Least common mechanism Fundamental security principle. It states that a minimum number of protection mechanisms should be common to users, since shared access paths may lead to information leakage.
Least privilege Security principle that requires that any subject should be given the minimum possible privilege on the minimum portion of resources for the minimum amount of time.
Linked list A data structure where each element is represented as a node with a reference to the subsequent element in the list.
Lesson learned Observation of an already executed project that should be taken into account in future projects.
Liveness Property that needs to be enforced to prove the correctness of a concurrent system. Liveness ensures that something “good” will eventually happen.
Magic numbers In programming, magic numbers are fixed values associated to variable or constant with no actual meaning.
Maintainability Property and requirement of software systems. It expresses how easy the code can be maintained (modify, extend, refactor) over time.
Mashed component Design smell that happens when a single functionality is scattered on different places on the code.
Mesh component Design smell that happens when components are heavily coupled with a lot of dependencies and oftentimes without clear and well-defined patterns.
Minimum viable product (MVP) In lean methodologies, it is defined as the minimum product that needs to be released which has the maximum return of investment (ROI).
Modifier In object-oriented programming, modifiers are keywords specific to the programming language that define how classes and methods can be accessed.
Name mangling Way to designate methods and variables as private in Python.
Non-repudiation Fundamental security principle. When enforced, any action performed cannot be denied.
Not my responsibility component Design smell that happens when a component delegates its own (logical) functionality to other components.
Observer Behavioral design pattern used when components need updates notification. According to this pattern, a component—whose state needs to be notified—stores a list of dependencies. Each and every time a change occurs, it notifies it to its stored list.
Parallel programming Refers to the ability of a software system to simultaneously execute multiple independent pieces of computation without affecting the final result.
Parameterization In programming, it refers to the usage of input variables as input to method, functions, or routines.
Pareto principle This principle—also known as the 80/20 rule—states that 20% of work causes 80% of the result.
Performances The speed at which a block of code is executed.
Post-condition A statement describing the condition which needs to hold true after the method or function has performed its duties.
Pre-condition Set of conditions that need to hold true when the method or function is called.
Problem statement Clear description of a specific issue that needs to be addressed.
Process In concurrent programming, a process is a tool that the operating systems use to run programs.
Productivity Often used as a measure of how well a team is performing.
Prototype In programming, a prototype is a codebase created in order to validate a concept. Hence, it is oftentimes not complete in functionalities: it includes just the necessary logic to prove a concept, idea, or algorithm.
Publisher-subscriber Behavioral design pattern used to monitor state changes. Similar to the observer pattern, but the dependency between who publishes and who gets the update is managed by a third-party object oftentimes referred to as broker.
Queue Basic data structure that manages elements in first in, first out (FIFO) policy.
Readability Property of software systems aiming at making the code easily understandable.
Race condition In concurrent programming, a race condition happens when the correctness of the system depends on scheduling and interleaving times of processes or threads.
Release (SDLC) Last phase in the software development lifecycle, where a product is released in the market.
Reliability Property of software system that focuses on failures and their impact.
Requirements (SDLC) Initial phase of the software development lifecycle focused on gathering information needed to be used to shape the project in terms of approach, feasibility, and operational and technical aspects.
Return of investment (ROI) A measure used to evaluate the value (e.g., efficiency, effectiveness) of an investment.
Reusability Property of software systems aimed at using methodologies and techniques to make the code easy to reuse in future development.
Risk Term used in project management to indicate an uncertain event or condition that, if it occurs, may have a positive or negative effect on one or more objectives. In the context of information security, it only refers to negative impacts and it expresses the likelihood of something bad happening.
Safety In concurrent programming, safety is the property that ensures that nothing “bad” will happen.
Secure software development lifecycle (SSDLC) Term used to refer to a software development lifecycle, where effort is done to embed security in the process.
Security General property of a system (e.g., a computer, information, and software) that embraces its protection against threats.
Security by design Refers to the need of software to be born as secure. It is designed from the ground up to be secure.
Security by obscurity In information security, it refers to recurring to hiding security mechanisms with the belief that it would increase its security. This is a very old approach and not believed to be appropriate anymore.
Security code review Code review, specifically designed to check the system against security defects.
Segregation of duties Security principle that states that no person should be given responsibility or access to more than one related function.
Singleton Creational design pattern. It restricts the number of instances of a class to a single one within the system.
SMART Acronym for specific, measurable, achievable, realistic, time bound.
Software architecture High-level view of a software.
Software development life cycle (SDLC) In simple words, it is the process of building software.
Spaghetti code Unstructured and difficult to maintain code.
Speedup Measure used to compare performances of two systems running the same program.
Starvation In concurrent programming, it happens when a piece of code never has a chance to run.
State Behavioral design pattern that enables context-aware objects.
Stack Data structure where elements are managed accordingly to a last in, first out (LIFO) policy.
Static application security testing (SAST) In security, a methodology aimed at analyzing source code in order to find security vulnerabilities.
Testing (SDLC) Phase of the software development lifecycle aimed at searching, reporting, monitoring, and fixing defects in a product or system.
Thread In concurrent and parallel programming, threads are mini-blocks of code (sub-tasks) that can run within a process.
Thread safety In concurrent programming, it is a property needed to guarantee correctness in concurrent software programs. An object is defined thread safe if, when accessed by multiple threads, its execution is correct, independently from thread’s interleaving or scheduling.
Threat In security, a threat is the possible danger arising from the exploitation of a vulnerability that may result in harm to a system and an organization.
Unstable dependency Design smell that happens if a component depends on a less stable one.
User interface (UI) A graphical representation of data and services that allows for simplified interactions between a user and a computer system.
Visitor Behavioral design pattern. It allows to decouple operational logic (i.e., algorithms) that would be otherwise scattered throughout different similar objects.
Vulnerability In security, a vulnerability is the channel that can be exploited to make a risk real.
Waterfall Methodology used in project management and software engineering. If used, all the phases of the software development lifecycle are executed in isolation and sequentially.
Weakest link Security principle that states the importance of identification and mitigation of the weakest mechanisms in the security chain.
