Course: AppSec, Privacy & License Compliance

AppSec Glossary

Term: Simple Explanation

SolarWinds Breach: A supply-chain attack disclosed in 2020. Attackers compromised SolarWinds' build system and slipped a backdoor into signed updates of its Orion network-management product. Customers installed the update as a normal, trusted patch, which gave the attackers a foothold inside many organizations, including US government agencies and large businesses. The lesson: code you receive from a vendor is only as trustworthy as the pipeline that built and shipped it.

Transitive Dependencies: The dependencies of your dependencies. Imagine building with LEGO: you pick specific bricks (direct dependencies), but each of those bricks is itself assembled from other bricks (transitive dependencies). A flaw in one of the underlying bricks weakens your whole creation, even though you never chose that brick. Software works the same way: your project lists a handful of libraries, each of which pulls in more, and the ones you did not pick usually far outnumber the ones you did. A vulnerability in a transitive dependency is your problem just as much as one in a direct dependency, which is why lockfiles and software bills of materials (SBOMs) record the full tree rather than only the top level.

CVE Databases: Public databases of known security weaknesses ("vulnerabilities") in software. Each weakness gets a unique identifier, a CVE ID in the form CVE-YYYY-NNNNN, so that vendors, researchers and tools all refer to the same problem. A record typically names the affected product and versions, describes the flaw, and carries a severity score; because it names the affected versions, dependency scanners can match the libraries you actually install against it automatically. Think of it as a shared list of known problems that need fixing, where a problem without an ID is hard to track and a problem with one is hard to ignore.

Incident Response: What an organization does when a security incident (such as a hack) happens. The usual phases are: detect and confirm that something happened, contain it so it cannot spread, eradicate the attacker's access and fix the weakness that let them in, recover normal operation, and review what happened so it does not happen again. Like a fire drill, it works far better when the plan is written down and practiced before the real incident.

Zero-Day Disclosures: When a vulnerability becomes public, or is exploited in the wild, before the software vendor has had a chance to fix it. The "zero days" is the amount of time the vendor has had to prepare a patch. This is dangerous because attackers can exploit the weakness while no fix exists, leaving users with nothing to install. The alternative is coordinated disclosure, where the finder reports privately and gives the vendor time to release a patch before details are published.

Threat Modeling: Thinking like an attacker, before a system is built or changed, to work out how it could be attacked. In practice it means answering four questions: what are we building, what can go wrong, what are we going to do about it, and did we do a good job? The output is a list of the things worth protecting (assets), the ways in (entry points), the realistic threats to each, and the defenses chosen for them, so that you plan your defenses before an attack happens rather than after.
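The two glossary entries on transitive dependencies and CVE databases describe the same check that a dependency scanner performs: walk the full dependency tree, then match each installed version against an advisory list. The short Python script below is an added example written for this lesson, not code from the course or from any real scanner. The dependency graph, the package names and the two advisories (with placeholder IDs CVE-0000-0001 and CVE-0000-0002) are all constructed for illustration and do not describe real software or real vulnerabilities.

```python
"""Find vulnerable transitive dependencies by walking a dependency graph
and matching installed versions against a CVE-style advisory list.
All data below is constructed for illustration; it is not a real feed."""
from collections import deque

# Constructed dependency graph: package -> (installed version, packages it depends on).
# Only "webapp" is the developer's own project; every other package was pulled in.
DEPENDENCY_GRAPH = {
    "webapp": ("1.0.0", ["http-client", "template-engine"]),
    "http-client": ("2.3.1", ["url-parser", "tls-lib"]),
    "template-engine": ("4.0.2", ["html-escape"]),
    "url-parser": ("1.1.0", []),
    "tls-lib": ("0.9.8", ["compress-lib"]),
    "html-escape": ("2.0.0", []),
    "compress-lib": ("1.2.11", []),
}

# Constructed advisories in the shape a CVE feed gives you: an ID, the affected
# package, and the first fixed version. The CVE IDs are placeholders, not real records.
ADVISORIES = [
    {"id": "CVE-0000-0001", "package": "compress-lib", "fixed_in": "1.2.12"},
    {"id": "CVE-0000-0002", "package": "url-parser", "fixed_in": "1.0.0"},
]


def parse_version(text):
    """Turn '1.2.11' into (1, 2, 11) so versions compare numerically, not as strings
    (as strings, '1.2.11' would sort before '1.2.9')."""
    return tuple(int(part) for part in text.split("."))


def resolve_transitive(root, graph=DEPENDENCY_GRAPH):
    """Breadth-first walk from `root`. Returns {package: path}, where path is the
    chain of packages that pulled it in, e.g. ['webapp', 'http-client', 'tls-lib'].
    Packages already seen are skipped, so a cycle in the graph cannot loop forever."""
    paths = {}
    queue = deque([(root, [root])])
    while queue:
        name, path = queue.popleft()
        for dep in graph[name][1]:
            if dep == root or dep in paths:
                continue
            paths[dep] = path + [dep]
            queue.append((dep, paths[dep]))
    return paths


def audit(root, graph=DEPENDENCY_GRAPH, advisories=ADVISORIES):
    """Match every transitive dependency's installed version against the advisories.
    A package is vulnerable when its installed version is older than the fixed version.
    Each finding carries the dependency path, which is what tells the developer why a
    package they never chose is present in their build."""
    findings = []
    paths = resolve_transitive(root, graph)
    for advisory in advisories:
        name = advisory["package"]
        if name not in paths:
            continue  # advisory is for a package this project does not ship
        installed = graph[name][0]
        if parse_version(installed) < parse_version(advisory["fixed_in"]):
            findings.append({
                "cve": advisory["id"],
                "package": name,
                "installed": installed,
                "fixed_in": advisory["fixed_in"],
                "path": " -> ".join(paths[name]),
            })
    return findings


if __name__ == "__main__":
    for finding in audit("webapp"):
        print(f"{finding['cve']}: {finding['package']} {finding['installed']} "
              f"(fixed in {finding['fixed_in']}) via {finding['path']}")
```

Running it reports compress-lib, three levels below anything the developer chose, as vulnerable, while url-parser is skipped because the installed version is already past the fix. Real scanners do the same walk over a lockfile or SBOM and match against the NVD or a vendor feed, with the extra work of handling version ranges and ecosystem-specific version schemes.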