Terminology
Service: A repository of code serving a specific purpose that has been deployed to cloud infrastructure.
Deployment: An instance of a service running on cloud infrastructure, either past or present.
Environment: The runtime context of a service deployment:
  Unassigned
  Production
  Corporate
  Disaster Recovery
  Staging
  Test
  Development
  Sandbox
Application: One or more integrated services working together to solve a larger business problem.
Tier: The criticality of a service or application to business operations:
  Tier 1: Severe impact
  Tier 2: High impact
  Tier 3: Medium impact
  Tier 4: Low or no impact
Owner: The group or individual accountable for a resource.
  Application Owner: The technical owner of an application, typically at a manager or director level, responsible for adherence to Heeler's service-level objectives (SLOs) at the application level.
  Service Owner: The owner of the code for a service, responsible for service-level SLOs.
  Finding Owner: The individual responsible for addressing a finding (e.g., remediation or implementing a workaround).
Service Level Objective (SLO): An internal agreement that defines the timeframe for resolving a Heeler finding.
Priority: The level of precedence assigned to a finding, often determined by:
  Business Impact: The degree of material or irreversible impact on the business.
  Environment Impact: The risk posed to the environment, including compromise accessibility and the potential for cascading effects.
  Threat: The likelihood of exploitation.
Lifecycle Status: The status of a vulnerability throughout its lifecycle:
  Found: Vulnerability identified.
  Assigned: Ownership of the vulnerability assigned.
  Coded: Fix for the vulnerability coded.
  RolloutUn: The fix is in the process of being rolled out.
  Verified: The fix has been verified as successful.
Vulnerability:
  Detected: Date and time when the vulnerability was first identified.
  Last Assessed: Date and time when the vulnerability was last reassessed.