Terminology

Service: A repository of code serving a specific purpose that has been deployed to cloud infrastructure.

Deployment: An instance of a service running on cloud infrastructure, either past or present.

Environment: The runtime context of a service deployment:

  • Unassigned

  • Production

  • Corporate

  • Disaster Recovery

  • Staging

  • Test

  • Development

  • Sandbox

Application: One or more integrated services working together to solve a larger business problem.

Tier: The criticality of a service or application to business operations:

  • Tier 1: Severe impact

  • Tier 2: High impact

  • Tier 3: Medium impact

  • Tier 4: Low or no impact

Owner: The group or individual accountable for a resource.

  • Application Owner: The technical owner of an application, typically at a manager or director level, responsible for adherence to Heeler's service-level objectives (SLOs) at the application level.

  • Service Owner: The owner of the code for a service, responsible for service-level SLOs.

  • Finding Owner: The individual responsible for addressing a finding (e.g., remediation or implementing a workaround).

Service Level Objective (SLO): An internal agreement that defines the timeframe for resolving a Heeler finding.

Priority: The level of precedence assigned to a finding, often determined by:

  • Business Impact: The degree of material or irreversible impact on the business.

  • Environment Impact: The risk posed to the environment, including how accessible it is to compromise and the potential for cascading effects.

  • Threat: The likelihood of exploitation.

Lifecycle Status: The status of a vulnerability throughout its lifecycle:

  • Found: Vulnerability identified.

  • Assigned: Ownership of the vulnerability assigned.

  • Coded: Fix for the vulnerability coded.

  • RolloutUn: The fix is in the process of being rolled out.

  • Verified: The fix has been verified as successful.

Vulnerability

  • Detected: Date and time when the vulnerability was first identified.

  • Last Assessed: Date and time when the vulnerability was last reassessed.
