Four Common Security Acronyms Explained
Editor’s Note: This is the first in a series of posts about the 2020 DevSecOps Reference Architecture developed by DJ Schleen. In this series DJ explains various parts of the pipeline architecture.
I just released an updated version of the DevSecOps Reference Architecture I created last year, with additional components, corrections, and mobile deployment methods. Not only can it be somewhat overwhelming to look at because of its sheer size, but it is filled with acronyms that may not be familiar to those looking to integrate security controls into their DevSecOps pipelines.
Acronyms are everywhere in technology, and when we automate security scanning tools in our development pipelines they are one of the first things we notice. A software security or ethical hacking team may know what each acronym stands for, but people outside of the security organization may just be starting to see these terms. SAST, DAST, CSA, OSSM, SCA? What do these acronyms mean, and what exactly do the tools behind them do?
Let’s take a look at some of the acronyms that you may encounter when taking a look at not just my reference architecture, but any architecture where security controls are being automated.
OSSM / SCA
The first and most important of all the security acronyms you will encounter is OSSM (Open Source Software Management), often shortened to just OSS. The same practice is also seen as SCA, or Software Composition Analysis. I’ve seen both terms used in large enterprises to refer to the same thing: managing the open source components that go into your applications. You can think of these terms as referring to “what others packed in your suitcase”. That is, the code you ship but did not develop yourself.
What’s the difference between the two terms? It’s subtle. Where OSSM refers to the management of components that enter the development environment and what (Read more...)
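To make the SCA side of this concrete, here is a minimal composition check of the kind an SCA tool automates in a pipeline: it parses a dependency manifest, identifies the components you did not write, and matches pinned versions against an advisory list. This is an added example written for this post, not code from the reference architecture or from Sonatype; the requirements file, the advisory identifiers (EXAMPLE-000x) and the affected version ranges are all constructed for illustration and do not describe real vulnerabilities.

```python
"""Minimal Software Composition Analysis (SCA) check.

Added example for illustration only. Parses a pip-style requirements
file (constructed inline) and matches each pinned component against a
small, constructed advisory list. Advisory IDs and version ranges are
made up; they are not real CVEs.
"""
import re

# Constructed sample manifest: the components "others packed in your suitcase".
SAMPLE_REQUIREMENTS = """\
# application dependencies (constructed example)
requests==2.19.0
urllib3==1.26.5
flask>=2.0   # not pinned, so its exact version cannot be assessed
PyYAML==5.1
"""

# Constructed advisory data. A real SCA tool pulls this from a vulnerability feed.
# Each entry means: versions with introduced <= v < fixed are affected.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "requests", "introduced": "0", "fixed": "2.20.0"},
    {"id": "EXAMPLE-0002", "package": "pyyaml", "introduced": "0", "fixed": "5.4"},
    {"id": "EXAMPLE-0003", "package": "urllib3", "introduced": "1.26.0", "fixed": "1.26.4"},
]

PIN_RE = re.compile(r"^([A-Za-z0-9_.\-]+)\s*==\s*([0-9][0-9A-Za-z.]*)$")
ANY_SPEC_RE = re.compile(r"^([A-Za-z0-9_.\-]+)\s*([<>=!~].*)?$")


def normalize(name):
    """Normalise a package name so 'PyYAML' and 'pyyaml' compare equal."""
    return name.lower().replace("_", "-")


def parse_version(version):
    """Turn '1.26.5' (or '2.20.0rc1') into a tuple of ints using the numeric prefix of each part."""
    parts = []
    for part in version.split("."):
        m = re.match(r"\d+", part)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def parse_requirements(text):
    """Return (pinned, unpinned): a dict of name -> exact version, and a list of names without an exact pin."""
    pinned, unpinned = {}, []
    for line in text.splitlines():
        stripped = line.split("#", 1)[0].strip()  # drop comments and whitespace
        if not stripped:
            continue
        pin = PIN_RE.match(stripped)
        if pin:
            pinned[normalize(pin.group(1))] = pin.group(2)
            continue
        spec = ANY_SPEC_RE.match(stripped)
        if spec:
            unpinned.append(normalize(spec.group(1)))
    return pinned, unpinned


def is_affected(version, introduced, fixed):
    """True when introduced <= version < fixed, compared numerically part by part."""
    return parse_version(introduced) <= parse_version(version) < parse_version(fixed)


def scan(requirements_text, advisories=ADVISORIES):
    """Match every pinned component against the advisory list.

    Returns {"findings": [...], "unpinned": [...]}. Unpinned components are
    reported separately because a range like '>=2.0' cannot be assessed
    without resolving the actual installed version (a lock file fixes this).
    """
    pinned, unpinned = parse_requirements(requirements_text)
    findings = []
    for adv in advisories:
        name = normalize(adv["package"])
        version = pinned.get(name)
        if version is not None and is_affected(version, adv["introduced"], adv["fixed"]):
            findings.append({"id": adv["id"], "package": name,
                             "version": version, "fixed": adv["fixed"]})
    return {"findings": findings, "unpinned": unpinned}


if __name__ == "__main__":
    report = scan(SAMPLE_REQUIREMENTS)
    for f in report["findings"]:
        print(f"{f['id']}: {f['package']}=={f['version']} is affected, fixed in {f['fixed']}")
    for name in report["unpinned"]:
        print(f"WARNING: {name} is not pinned to an exact version; cannot assess")
```

Two details matter in practice and are easy to miss in a first pipeline integration: package names have to be normalised before matching (the manifest says PyYAML, the advisory says pyyaml), and anything that is not pinned to an exact version should be flagged rather than silently skipped, which is why real SCA tools prefer to scan lock files or the resolved build output rather than the loose manifest.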
*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by DJ Schleen. Read the original post at: https://blog.sonatype.com/four-common-security-acronyms-explained