Glossary

CI/CD

Continuous Integration/Continuous Delivery is the combination of continuous software integration and continuous delivery in the development process.

CIS

Center for Internet Security is a non-profit organization dealing with cybersecurity issues based on community feedback. CIS Benchmarks are basic configuration indicators and recommendations for safe system setup.

CNI

Container Networking Interface is a project dedicated to standardized management of network interfaces in Linux containers and flexible extension of their network capabilities. CNI plug-ins ensure that the network interface is included in the container namespace and performs all necessary configuration on the host node.

CRI

The Container Runtime Interface (CRI) is used by the orchestrator to work with various container runtimes, without the need to recompile cluster components. The CRI defines the main protocol used for communication between cluster components and the container runtime.

CSI

Container Storage Interface is a simple unified interface that defines interaction between a storage system and a container orchestration platform.

CVE

Common Vulnerabilities and Exposures is the database for generally known information security vulnerabilities. Each vulnerability is given an identifier in the CVE-year-number format, description and several open links with descriptions.

CVSS

Common Vulnerability Scoring System is an open standard for scoring vulnerabilities. CVSS specifies a set of metrics and formulas for scoring vulnerability severity, with values from 0 (minimum) to 10 (maximum). CVSS allows you to allocate vulnerability response efforts based on vulnerability severity.

CycloneDX

CycloneDX is an SBOM standard that was developed for application security contexts and analysis of application components by assessing the availability and state of all software components.

Dynamic access controller

A configurable controller to access Kubernetes that helps enforce policies and supports the management and control system.

Exploit

Program code that takes advantage of some vulnerability in the system or in application software. Exploits are frequently used to install malware on a computer without the user's knowledge.

FSTEC

The Russian Federal Service for Technical and Export Control.

IaC

Infrastructure as a Code is an approach to managing and describing infrastructure through configuration files instead of manually editing server configurations.

Kaspersky OpenTIP

The publicly available Kaspersky Threat Intelligence Portal information system contains information about cyberthreats, safe objects, and the relationships between them.

Kaspersky TIP

The Kaspersky Threat Intelligence Portal information system that is available with premium access. The portal provides additional tools for analyzing cyberthreats, including threat lookup and Kaspersky Cloud Sandbox, as well as analytical reports about APTs, financial crime software, industrial cybersecurity threats, and the digital activity of a specific organization.

LDAP

Lightweight Directory Access Protocol is a lightweight client-server protocol for accessing directory services.

Namespace

A virtual cluster inside a Kubernetes cluster which isolates cluster resources. Each namespace has its resources: services, pods, and deployments. The Resource names must be unique to operate in one namespace, although you can use the same names in other namespaces.

Node

A physical or virtual machine on which containers with applications are deployed and run. A Kubernetes cluster consists of several nodes. The cluster has a master node which manages the cluster and worker nodes where containers operate.

NVD

The National Vulnerability Database is the United States Government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol.

PCI SSC

PCI Security Standards Council is a global forum dedicated to the ongoing development, enhancement, storage, dissemination, and implementation of security standards for payment card data protection.

Pipeline

Continuous software integration and continuous delivery (CI/CD) is performed in sequence one by one.

Pod

An abstract Kubernetes object, a group of one or more application containers, including shared storage (volumes), network settings, and information about application launch. Pod is the Kubernetes management unit.

RED OS

Russian general-purpose operating system RED OS supports scanning for vulnerabilities that can threaten the functioning of services and workstations.

SBOM

A Software Bill of Materials (SBOM) is a list of all components of an object, and a description of the dependencies of components and the ways to validate and confirm the authenticity of their source.

SIEM

Security information and event management is a class of software solution that obtains and analyzes data about security events.

Sigstore

This project aimed to develop and provide tools and services for the verification of software through the use of digital signatures. Sigstore also maintains a public registry to confirm the authenticity of changes to an image.

SPDX

Software Package Data Exchange (SPDX) is an international open standard for security, license compliance, and other artifacts of the software supply chain. It is used to provide information about the origin, licensing, and security of software packages and their dependencies.

Syslog

A standard for sending and logging system event messages used for the UNIX and GNU/Linux platforms.

VDB (DSTD)

The Data Security Threats Database (DSTD or VDB) is a national vulnerability database maintained by the Russian Federal Service for Technical and Export Control (FSTEC).