Terminology

Service A repository of code serving a specific purpose that has been deployed to cloud infrastructure.

Deployment An instance of a service running on cloud infrastructure, either past or present.

Environment The runtime context of a service deployment:

• Unassigned

• Production

• Corporate

• Disaster Recovery

• Staging

• Test

• Development

• Sandbox

Application One or more integrated services working together to solve a larger business problem.

Tier The criticality of a service or application to business operations:

• Tier 1: Severe impact

• Tier 2: High impact

• Tier 3: Medium impact

• Tier 4: Low or no impact

Owner The group or individual accountable for a resource.

• Application Owner: The technical owner of an application, typically at a manager or director level, responsible for adherence to Heeler's service-level objectives (SLOs) at the application level.

• Service Owner: The owner of the code for a service, responsible for service-level SLOs.

• Finding Owner: The individual responsible for addressing a finding (e.g., remediation or implementing a workaround).

Service Level Objective (SLO) An internal agreement that defines the timeframe for resolving a heeler finding.

Priority The level of precedence assigned to a finding, often determined by:

• Business Impact: The degree of material or irreversible impact on the business.

• Environment Impact: The risk posed to the environment, including compromise accessibility and the potential for cascading effects.

• Threat: The likelihood of exploitation.

Lifecycle Status The status of a vulnerability throughout its lifecycle:

• Found: Vulnerability identified.

• Coded: Fix for the vulnerability coded.

• Rollout: The fix is in the process of being rolled out.

Vulnerability

• Detected: Date and time when the vulnerability was first identified.

• Last Assessed: Date and time when the vulnerability was last reassessed.