Glossary
All definitions in this glossary are given in the context of how the term is used on this website.
Collection
In the context of PACE, the gathering of posture attributes from a device (or system, or system of systems). See Posture Attribute Collection & Evaluation.
Common Vulnerabilities and Exposures
Common Vulnerabilities and Exposures (CVE) is a publicly available catalog of disclosed cybersecurity vulnerabilities, maintained by MITRE, in which each vulnerability is given a unique identifier (CVE ID). The NVD builds on the CVE list.
Component
A constituent part of a device or system. In the context of an SBOM, a component is one of the software parts (packages, libraries, modules) from which a piece of software is built.
CVE
Acronym for Common Vulnerabilities and Exposures
Device
In our context, a device is something that has attributes which can affect the security or safety posture of the system of which it is a part. The device may be a physical device or a virtual device. In most cases the device will be a digital device as defined in IEEE Std 1528.7-2020, i.e. a 'connected' device.
Evaluation
In the context of PACE, the assessment of collected posture attributes to determine the security or safety posture of a device (or system, or system of systems). See Posture Attribute Collection & Evaluation.
Kestrel
Kestrel is an open-source threat hunting language developed under the Open Cybersecurity Alliance (OCA), an OASIS open project.
National Vulnerability Database
The National Vulnerability Database (NVD) is the U.S. government repository of vulnerability data, maintained by NIST. It enriches CVE records with severity scores (CVSS), affected-product identifiers (CPE) and references.
Acronym for National Vulnerability Database
OASIS
OASIS Open is a standards development organization that develops PACE, CACAO, OpenC2, STIX, TAXII and many other relevant standards.
OpenC2
Open Command & Control (OpenC2) is an OASIS standard language for the machine-to-machine command and control of cyber defense technologies. It lets security functions (for example blocking, quarantining or querying) be invoked in a vendor-neutral way. See the OASIS OpenC2 site for more information on OpenC2.
Organization
A business, government agency, educational institution, or other entity that has assets to protect and has cybersecurity policies to protect them.
PACE
Acronym for Posture Attribute Collection & Evaluation
Physical Device
A physical device is a device realized in hardware (for example a sensor, controller, router or server), as opposed to a virtual device.
Posture
The English definition of posture is "state or condition at a given time with respect to a capability in particular circumstances". Posture as used on this website is either the security posture or the safety posture, i.e. the classic definition but with respect to either security or safety. Assessing posture generally consists of understanding, for a given device (or system, or system of systems), the relevant attributes of that device.
Posture Attribute
A posture attribute (sometimes shortened to just attribute) is a characteristic of a device (or system, or system of systems) whose value is relevant to assessing the security or safety posture of that device.
Posture Attribute Collection & Evaluation
Posture Attribute Collection & Evaluation (PACE) is the OASIS project concerned with collecting the posture attributes of devices and evaluating them to determine the security or safety posture of those devices and of the systems they are part of.
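The Posture, Posture Attribute and PACE entries describe collection and evaluation as two separate steps. The following Python is an added illustration of that split and is not PACE project code: PACE does not prescribe the attribute names, the policy form or the snapshot layout used here, all of which are assumptions constructed for the example. One detail worth noting is that an attribute the collector could not obtain is reported as "unknown" rather than being silently treated as passing.

```python
"""Added example, not PACE project code: collecting posture attributes for a
device and evaluating them against a policy. Attribute names, rules and the
sample device snapshot are constructed assumptions for illustration only."""
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Any, Callable


@dataclass
class PostureAttribute:
    name: str      # constructed attribute name, e.g. "disk.encrypted"
    value: Any
    source: str    # which collector produced the value


@dataclass
class Device:
    device_id: str
    attributes: dict[str, PostureAttribute] = field(default_factory=dict)


# --- Collection: turn a collector's raw snapshot into typed attributes -----
def collect(device_id: str, raw: dict[str, Any], source: str) -> Device:
    dev = Device(device_id)
    for name, value in raw.items():
        dev.attributes[name] = PostureAttribute(name, value, source)
    return dev


# --- Evaluation: compare the attributes with a policy ---------------------
@dataclass
class Rule:
    attribute: str
    check: Callable[[Any], bool]
    description: str


@dataclass
class Finding:
    rule: str
    attribute: str
    observed: Any
    status: str    # "pass", "fail" or "unknown" (attribute was not collected)


def evaluate(device: Device, policy: list[Rule]) -> list[Finding]:
    findings = []
    for rule in policy:
        attr = device.attributes.get(rule.attribute)
        if attr is None:
            # A missing attribute is surfaced, never counted as a pass.
            findings.append(Finding(rule.description, rule.attribute, None, "unknown"))
            continue
        status = "pass" if rule.check(attr.value) else "fail"
        findings.append(Finding(rule.description, rule.attribute, attr.value, status))
    return findings


def posture_summary(findings: list[Finding]) -> str:
    """Overall posture: compliant only when every rule is known to pass."""
    if any(f.status == "fail" for f in findings):
        return "non-compliant"
    if any(f.status == "unknown" for f in findings):
        return "indeterminate"
    return "compliant"


def version_at_least(minimum: str) -> Callable[[Any], bool]:
    as_tuple = lambda v: tuple(int(p) for p in str(v).split("."))
    return lambda v: as_tuple(v) >= as_tuple(minimum)


# Constructed snapshot, as a collector agent might return it for one device.
SAMPLE_SNAPSHOT = {
    "os.name": "Linux",
    "os.kernel_version": "5.15.0",
    "disk.encrypted": True,
    "firewall.enabled": False,
    "sbom.available": True,
}

# Constructed policy; note the last rule asks for an attribute not collected above.
SAMPLE_POLICY = [
    Rule("disk.encrypted", lambda v: v is True, "Storage must be encrypted at rest"),
    Rule("firewall.enabled", lambda v: v is True, "Host firewall must be enabled"),
    Rule("os.kernel_version", version_at_least("5.10.0"), "Kernel must be 5.10 or newer"),
    Rule("secure_boot.enabled", lambda v: v is True, "Secure Boot must be enabled"),
]

if __name__ == "__main__":
    device = collect("sensor-01", SAMPLE_SNAPSHOT, source="constructed-agent")
    findings = evaluate(device, SAMPLE_POLICY)
    for f in findings:
        print(f"{f.status:8} {f.attribute}={f.observed!r}  ({f.rule})")
    print("posture:", posture_summary(findings))
```

Running it lists one failed rule (the firewall) and one unknown (Secure Boot), and the summary is "non-compliant"; with the firewall fixed the device would still only be "indeterminate" until the missing attribute is collected.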
Product
In the context of this website, product is a synonym for device.
SBOM
Acronym for Software Bill of Materials
Security Policy
The set of rules, defined by an organization, for how its assets are to be protected. A device's posture attributes can be evaluated against the requirements of such a policy.
Security Posture
Security posture (sometimes shortened to just posture) is the state or condition of a device (or system, or system of systems) at a given time with respect to its security, i.e. posture as defined above, with respect to security rather than safety.
Software Bill of Materials
A Software Bill of Materials (SBOM) is a formal, machine-readable inventory of the components (packages, libraries, modules) from which a piece of software is built, including their versions and dependency relationships. SPDX and CycloneDX are common SBOM formats. An SBOM makes it possible to match the software components of a device against known vulnerabilities such as those catalogued in CVE and the NVD.
System
A set of devices (and possibly other components) organized to work together for a purpose. Posture can be assessed for a system as well as for an individual device.
System of Systems
A system whose constituent parts are themselves independently operating systems. Posture can also be assessed at this level.
TAXII
TAXII is an acronym for Trusted Automated eXchange of Intelligence Information.
Thing
A synonym for device.
Trusted Automated eXchange of Intelligence Information
Trusted Automated eXchange of Intelligence Information (TAXII) defines how cyber threat information can be shared via services and message exchanges. It is designed specifically to support STIX information. See OASIS TAXII site for more information.
Use Case
As used here, a use case is an informal scenario, an example of how something is used, and not a formal use case in the UML sense.
VEX
VEX is an acronym for Vulnerability Exploitability eXchange.
Virtual Device
A virtual device is a device realized in software rather than in dedicated hardware, for example a virtual machine, a container or a software-defined network function. It still has attributes that can affect the posture of the system it is part of.
Vulnerability Exploitability eXchange
Vulnerability Exploitability eXchange (VEX) is a form of security advisory in which a supplier states whether a product is affected by a given vulnerability (typically identified by a CVE ID) and, if it is not, why. The standard status values are not affected, affected, fixed, and under investigation. VEX complements an SBOM: the SBOM lists the components that may contain a vulnerability, and VEX says whether that vulnerability is actually exploitable in the product.
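The SBOM, CVE and VEX entries above describe three artifacts that are normally used together. The Python below, which is an added example and not code from the PACE project or from any SBOM or VEX tool, shows that workflow end to end: match a feed of advisories against the components in an SBOM, then apply the supplier's VEX statements to decide which CVEs still need action. The SBOM, advisory feed and VEX document are constructed, deliberately minimal stand-ins (real formats would be CycloneDX or SPDX, and OpenVEX or CSAF); their field names are assumptions, and the CVE IDs use the invalid year 0000 so they cannot be mistaken for real records. Only the four VEX status values are taken from the actual definition.

```python
"""Added example, not PACE or any vendor's code: triaging SBOM components
against a vulnerability feed and a VEX document. All three inputs are
constructed and simplified; their layouts are assumptions, not a spec."""
import json

# Constructed SBOM: the product and the components it is built from, by purl.
SBOM_JSON = """{
  "product": "pkg:generic/acme/sensor-firmware@2.3.1",
  "components": [
    {"purl": "pkg:generic/openssl@1.1.1k"},
    {"purl": "pkg:generic/zlib@1.2.11"},
    {"purl": "pkg:generic/busybox@1.33.0"}
  ]
}"""

# Constructed advisory feed (what a scanner derives from CVE/NVD data):
# which CVE IDs the feed lists against which component purls. IDs are fake.
ADVISORIES_JSON = """[
  {"id": "CVE-0000-0001", "affects": ["pkg:generic/openssl@1.1.1k"]},
  {"id": "CVE-0000-0002", "affects": ["pkg:generic/zlib@1.2.11"]},
  {"id": "CVE-0000-0003", "affects": ["pkg:generic/busybox@1.33.0"]},
  {"id": "CVE-0000-0004", "affects": ["pkg:generic/libxml2@2.9.10"]},
  {"id": "CVE-0000-0005", "affects": ["pkg:generic/busybox@1.33.0"]}
]"""

# Constructed VEX document from the product supplier. The status vocabulary is
# the standard one; the document layout is a simplification.
VEX_JSON = """{
  "product": "pkg:generic/acme/sensor-firmware@2.3.1",
  "statements": [
    {"vulnerability": "CVE-0000-0001", "status": "not_affected",
     "justification": "vulnerable_code_not_in_execute_path"},
    {"vulnerability": "CVE-0000-0002", "status": "fixed"},
    {"vulnerability": "CVE-0000-0003", "status": "under_investigation"}
  ]
}"""

VEX_STATUSES = {"not_affected", "affected", "fixed", "under_investigation"}


def match_advisories(sbom: dict, advisories: list) -> dict:
    """Map each CVE in the feed to the SBOM components it is listed against."""
    purls = {c["purl"] for c in sbom["components"]}
    hits = {}
    for adv in advisories:
        for purl in adv["affects"]:
            if purl in purls:
                hits.setdefault(adv["id"], set()).add(purl)
    return hits


def apply_vex(hits: dict, vex: dict, product: str) -> dict:
    """Attach the VEX status for this product to each matched CVE.

    Statements for another product are ignored, an unknown status is rejected
    rather than read as 'not_affected', a 'not_affected' claim must carry a
    justification (as OpenVEX requires), and a CVE with no statement is kept
    as 'no_vex' so it still surfaces for triage."""
    statuses = {}
    if vex.get("product") == product:
        for st in vex["statements"]:
            if st["status"] not in VEX_STATUSES:
                raise ValueError(f"unknown VEX status {st['status']!r}")
            if st["status"] == "not_affected" and not st.get("justification"):
                raise ValueError(f"{st['vulnerability']}: not_affected without justification")
            statuses[st["vulnerability"]] = st["status"]
    return {cve: statuses.get(cve, "no_vex") for cve in hits}


def needs_action(triage_result: dict) -> list:
    """CVEs still requiring work. Absence of a statement is not a clean bill."""
    return sorted(cve for cve, status in triage_result.items()
                  if status in {"affected", "under_investigation", "no_vex"})


def triage(sbom_json=SBOM_JSON, advisories_json=ADVISORIES_JSON, vex_json=VEX_JSON) -> dict:
    sbom = json.loads(sbom_json)
    hits = match_advisories(sbom, json.loads(advisories_json))
    return apply_vex(hits, json.loads(vex_json), sbom["product"])


if __name__ == "__main__":
    result = triage()
    for cve, status in sorted(result.items()):
        print(f"{cve}: {status}")
    print("needs action:", needs_action(result))
```

With the constructed inputs, four of the five advisories match the SBOM, two are closed out by VEX (not affected, fixed), and two remain open: one under investigation and one the supplier has not issued a statement for at all.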