Proposal: Secure terminology doc
Problem to solve
Within the %12.10 retrospective issue @cam_swords proposed we create a glossary to align on common terms both internally and with our customers. We have a lot of terminology and object model complexity around our domain. As an outcome of
Unfortunately, we have some existing guidance in our docs around avoiding glossaries; see "Organize By Topic Not By Type" in our docs style guide.
Would a glossary be appropriate for Secure or is there a better way of capturing this information?
- finding vs vulnerability
- cwe vs cve vs cvss
- scan vs report
- location fingerprint vs project fingerprint
- primary identifier
- vulnerability feedback
- false positive vs insignificant finding
- TP, FP, FN, ...
Consider creating a glossary of secure terms