Proposal: Secure terminology doc
Problem to solve
Within devopssecure we have a lot of terminology and object-model complexity around our domain. As an outcome of the %12.10 retrospective issue, @cam_swords proposed that we create a glossary to align on common terms, both internally and with our customers.
Unfortunately, we have existing guidance in our docs that discourages glossaries; see Organize By Topic Not By Type in our docs style guide.
Would a glossary be appropriate for Secure or is there a better way of capturing this information?
Further details
Potential terminology
- finding vs vulnerability
- CWE vs CVE vs CVSS
- scan vs report
- location fingerprint vs project fingerprint
- primary identifier
- vulnerability feedback
- false positive vs insignificant finding
- TP, FP, FN, ...
Proposal
Consider creating a glossary of Secure terms.
Who can address the issue
devopssecure Technical Writing
Other links/references
Edited by Lucas Charles