# Glossary

90-9-1 rule
90% of people will watch, 9% will speak up, and 1% will actually do things.
active bystander
Someone who takes steps that will make a difference when they observe a conflict or unacceptable behavior.
active listening
A discussion technique in which people summarize each other's statements in order to ensure they have understood them correctly.
actor
Something that can take actions of its own volition.
actual result (of test)
The value generated by running code in a test. If this matches the expected result, the test passes; if the two are different, the test fails.
agile development
An iterative approach to software development built around several short feedback loops rather than long-range planning.
ally
Someone who actively promotes and supports inclusivity.
alpha geek
A colloquial term for the most technically savvy person in a group.
already invented here syndrome
An unwillingness to revisit previous design or implementation decisions even when new information surfaces. See also: not invented here syndrome.
analysis & estimation
The process of determining what work needs to be done and how long it's likely to take so that a prioritized schedule can be drawn up.
analysis paralysis
The inability to make a decision because there is too much information to process and/or too many options to consider.
API key
A unique identifier (usually randomly generated) used to authenticate a user or an application. Most web services require client applications to provide an API key at the start of a session or for each transaction.
assertion
A Boolean expression that must be true at a certain point in a program. Assertions may be built into the language (as in Python) or provided as a function (as in JavaScript).
attention-deficit/hyperactivity disorder (ADHD)
A constellation of personality traits that include someone having difficulty controlling what they pay attention to and higher-than-average physical restlessness.
auto-completion
A technique implemented by many interactive text interfaces that completes a command, variable name, filename, or other text when the tab key is pressed.
automated program repair
The use of algorithms to fix bugs, typically by pattern matching or by checking common solutions against a test suite.
back door
A way to access software or data that isn't publicized or that doesn't require authentication. Programmers sometimes create back doors to simplify testing or administration, but they are often exploited by attackers.
big-bang integration
Bringing all of the modules that make up an application together at once instead of one by one. It usually fails.
Boehm Curve
Shows that the cost of fixing a bug climbs quickly if the bug is found later in the software development cycle
branch
A snapshot of a version of a repository. Multiple branches can capture multiple versions of the same repository.
branch-per-feature workflow
A common strategy for managing work with version control systems in which a separate branch is created for work on each new feature or each bug fix and merged when that work is completed.
breakpoint
A point in the program (typically the start of a line) where the debugger is to halt the program so its state can be inspected. See also: conditional breakpoint.
Brook's Law
The claim that adding people to a project that's late makes it later (because people already on the team must now spend their time getting newcomers up to speed).
BSD license
An open software license that requires people to acknowledge the source of the software, but does not require derived work to be open; legally equivalent to the MIT License.
build manager
A program that keeps track of how files depend on one another and runs commands to update any files that are out-of-date.
build number
A unique serial number associated with a particular compiled and/or packaged version of software; the least significant component in semantic versioning.
bullshit
Deliberate mistruth or misrepresentation. Unlike lying, bullshit doesn't attempt to conceal the truth, but rather disregards it entirely Frankfurt2005.
business rule
A rule by which business is conducted, such as, "Apply discounts before adding sales tax," or, "Library patrons are only allowed to renew a loan if no one is waiting for that item." Software embodies business rules, but increasingly business rules are designed around what software can and cannot do.
byte code
A set of instructions designed to be executed efficiently by an interpreter.
casual threat
A low-effort threat from a relatively unskilled attacker.
catch (an exception)
To accept responsibility for handling an error or other unexpected event.
CC-BY
The Creative Commons - Attribution License, which allows copying, derived works, and for-profit sale so long as the original source is acknowledged.
CC0
A shorthand for putting something in the public domain, i.e., imposing no restriction of any kind on its use.
centralized system
A system in which components communicate with or are controlled by a single coordinating component. Centralized systems are easy to build but difficult to scale, and the central component gives them a single point of failure. See also: decentralized system.
chaotic decomposition
To divide work between team members without planning or coordination. It invariably results in some things not being done, others being done multiple times, and the finished products not working together. See also: feature decomposition, functional decomposition, modular decomposition, rotating decomposition.
chunking
The act of grouping related concepts together so that they can be stored and processed as a single unit.
clone
A copy of a repository or the act of making a copy of a repository.
code browser
A tool for navigating code more quickly than is possible in a conventional text editor. Code browsers typically include the ability to jump to the definition of a class or to references to a variable.
code coverage
How much of a program is executed when tests run. This is normally reported as a percentage: for example, if 40 out of 50 lines in a file are run during testing, those tests have 80% code coverage.
code metric
A quantitative measure of some aspect of source code. The simplest and most widely used metric is the number of lines of code (LoC) or the number of lines once blank lines and comments are discounted. Many other metrics have been proposed; there is little evidence that any of them are better at predicting effort or fault rates than LoC ElEmam2001.
code review
The act of reading source code to find errors, design flaws, opportunities for refactoring, and style violations, or simply to learn from it.
cognitive bias
A systematic deviation from objectivity. For example, recency bias leads us to place more weight on recent events or impressions than older ones.
cognitive dimensions of notation
A set of design principles for user interfaces and programming languages Green1996.
cognitive load
The mental effort needed to solve a problem. Cognitive load theory divides this into intrinsic, germane, and extraneous load, and holds that people learn fastest when germane and extraneous load are reduced.
cognitive transition
A change from one way of thinking to another, such as the one that occurs as someone goes from being a novice to being a competent practitioner in some domain.
comma-separated values (CSV)
A text format for tabular data in which each record is one row and fields are separated by commas. There are many minor variations, particularly around how strings are quoted.
commit
The act of saving a set of changes to a database or version control repository, or the changes saved.
commit message
A comment attached to a commit that explains what was done and why.
commons
Something managed jointly by a community according to rules they themselves have evolved and adopted.
community of practice
A group of people working together on something who assist and mentor each other.
competent practitioner
Someone who can do normal tasks in some domain with normal effort under normal circumstances. See also: expert, novice.
compiled language
Originally, a language such as C or Fortran that is translated into machine instructions for execution. Languages such as Java are also compiled before execution, but into byte code instead of machine instructions, while interpreted languages like Python are compiled to byte code on the fly.
conceptual architecture
The "big picture" view of the things that make up an application and how they relate to each other. A system's conceptual architecture may include everything from the users and hardware to the class hierarchy.
conditional breakpoint
A breakpoint that only pauses the program if a user-specified condition is met (e.g., if some variable's value is zero).
confirmation loop
A feedback loop in which a person does something well because they've had opportunities to practice, which leads to them being given more opportunities and more practice, thereby "confirming" the original decision to give them the work.
conflict
A situation in which incompatible or overlapping changes have been made on different branches that are now being merged.
confounding variables
Something that isn't being measured that can nevertheless affect the result of an experiment.
console
An interactive pane in an IDE where users can evaluate expressions or issue commands.
continuous integration
A system that merges and tests changes automatically as soon as they become available, typically in a temporary copy of the project.
control group
In experimental design, the subject that don't receive a treatment. See also: treatment group.
Conway's Law
States that the structure of an application reflects the structure of the organization that produced it.
Coordinated Universal Time (UTC)
The standard time against which all others are defined. UTC is the time at longitude 0°, and is not adjusted for daylight savings. Timestamps are often reported in UTC so that they will be the same no matter what timezone the computer is in.
A form of intellectual property that grants the holder special rights (such as exclusive use) to a creative work.
critical mass
The number of people needed in order for a community of practice to become self-perpetuating.
cross-site scripting attack (XSS)
An attack in which malicious scripts are put in web pages in order to be run in the target's browser. For example, a comment on a message forum could include JavaScript that sends the viewer's personal information to the attacker.
crunch mode
To work long hours with little sleep under deadline pressure. It inevitably makes matters worse, since the time needed to fix mistakes is greater than the number of extra hours worked.
CSS selector
A pattern that identifies nodes in a DOM tree.
curly-brace language
A language that uses the same syntactic conventions as C, typically including {...} to show code blocks and update operators like +=.
dark matter developer
The majority of developers who are effectively invisible because they don't radiate information though social media or by participating in open source projects. The term was first used by Scott Hanselman.
data mining
The use of computers to search for patterns in large datasets.
dead code
A section of code that is never executed in any run of the program. Dead code is typically code that was needed at some point, but has been left in after it is no longer used because nobody is sure they can take it out.
decentralized system
A system that doesn't have a single controller or central authority like a centralized system. Decentralized systems are more robust and more scalable, but harder to build.
decision meeting
A meeting whose purpose is to make binding decisions. The term is used in contrast with discussion meeting.
defensive programming
A set of programming practices that assumes mistakes will happen and either reports or corrects them, such as inserting assertions to report situations that are not ever supposed to occur.
delta debugging
A process that automatically tests subsets of the original test fixture, then subsets of those subsets, to produce a minimal failure-inducing case.
design by contract
A style of designing software in which functions specify the pre-conditions that must be true in order for them to run and the post-conditions they guarantee will be true when they return. A function can then be replaced by one with weaker pre-conditions (i.e., it accepts a wider set of input) and/or stronger post-conditions (i.e., it produces a smaller range of output) without breaking anything else.
design for test
An approach to system design that focuses on making individual components and overall behavior as easy to test as possible.
design pattern
A recurring pattern in software design that is specific enough to be worth naming, but not so specific that a single best implementation can be provided by a library.
development process
A method for dividing the work needed in a software project into pieces and allocating those pieces to individuals.
DevOps
A set of software development, deployment, and management practices intended to shorten the development cycle and make it more reliable.
diagnostic power
The degree to which a wrong answer to a question or exercise tells the teacher what misconceptions a particular learner has.
dictionary attack
An attack that uses a known set of words to try and guess passwords.
digital signature
A method that uses cryptographic techniques to establish the authenticity of a document.
discoverability
The ease with which something can be found or stumbled upon.
discussion meeting
A meeting whose purpose is to share ideas or explore design alternatives. The term is used in contrast with decision meeting.
doc comment
A specially-formatted comment containing documentation about a piece of code that is embedded in the code itself.
docstring
Short for "documentation string", a string appearing at the start of a module, class, or function in Python that automatically becomes that object's documentation.
Document Object Model (DOM)
A standard in-memory representation of HTML and XML.
documentation generator
A software tool that extracts specially-formatted comments or dostrings from code and generates cross-referenced developer documentation.
Don't Repeat Yourself (DRY)
A software design principle that states that every piece of knowledge in a system is represented once and only once.
double blind
An experimental procedure designed to avoid bias by ensuring that neither the experimenter nor the subject knows whether someone is in the control group or treatment group.
dumpster diving
Searching through garbage in order to find items of value.
dynamic analysis
To analyze the state of a running program in order to determine its general properties and/or to find bugs. See also: static analysis.
dynamic typing
Checking the types of values as the program is running. The term is used in contrast with static typing.
effort-importance grid
A project planning tool that classifies work items according to how much effort they will require and how important they are.
elevator pitch
A short description of an idea, project, product, or person that can be delivered and understood in just a few seconds.
embedded database
A database that runs inside the user's application as a library rather than as an external service.
entity-relationship diagram
A graphical representation of the things represented in a database and how they relate to each other.
exception
An error or unusual event in a program or an object that stores information about . One part of a program will create and raise an exception to signal that something unexpected has happened; another part will catch it.
expected result (of test)
The value that a piece of software is supposed to produce when tested in a certain way, or the state in which it is supposed to leave the system. See also: actual result (of test).
expert
Someone who can diagnose and handle unusual situations, knows when the usual rules do not apply, and tends to recognize solutions rather than reasoning to them. See also: competent practitioner, novice.
expert blind spot
The inability of experts to empathize with novices who are encountering concepts or practices for the first time because they have forgotten what it's like to not know something.
external error
An error caused by something outside a program, such as trying to open a file that doesn't exist.
extraneous load
Any cognitive load that distracts from learning.
failure
The noticeable sign that something is wrong with an application.
fault
The underlying cause of a failure in software. See also: root cause.
feature boxing
A project management technique in which the scope of the change is fixed and the time needed is allowed to vary. See also: time boxing.
feature creep
Expansion of the scope of a project (e.g., the addition of new features) while work is ongoing. It usually leads to delays in release and to the software becoming less stable and less comprehensible.
feature decomposition
To divide work between team members by making each person responsible for all aspects of one feature at a time. Feature decomposition is a fine-grained alternative to modular decomposition. See also: chaotic decomposition, functional decomposition, rotating decomposition.
feigning ignorance
To pretend not to know something. People who have broken rules will sometimes pretend not to have known that the rule existed.
feigning surprise
To pretend to be surprised, as in, "Oh, I thought everyone knew about X." It isn't always intended to belittle the listener, but it usually has that effect.
fidelity
The degree to which a test captures the key features of the actual system. If components of the system have been replaced for testing purposes, or if long delays are replaced with short ones so that tests will run quickly, the test's fidelity may be compromised.
finite state machine (FSM)
A model of computation consisting of a fixed set of states and a set of transitions allowed between them. An FSM has no memory of how it got to a state, which means there are many computations FSMs cannot do.
fixture
The thing on which a test is run.
flow
A mental state in which someone feels completely immersed in a task.
fork
To make a new copy of a version control repository, or the copy that is made.
formative assessment
Assessment that takes place during a lesson in order to give both the learner and the teacher feedback on actual understanding.
functional decomposition
To divide work between team members by making each person responsible for a particular set of tasks. For example, one person could be responsible for doing all the testing. With rotating decomposition, each person's set of tasks changes over time. See also: chaotic decomposition, feature decomposition, modular decomposition.
functional magnetic resonance imaging (fMRI)
A way to measure activity in different parts of the brain by detecting changes associated with blood flow.
fuzz testing
A software testing technique that sends randomized inputs to a system.
generational garbage collection
An automatic memory management technique that improves performance by relying on the fact that recently-created objects are more likely to be recyclable than long-lived ones.
germane load
The cognitive load required to link new information to old.
GNU Public License
An open software license that requires people to share the source code of changes or extensions they make.
goal-question-metric (GQM)
A goal-oriented way to collect data defined in terms of overall goals (i.e., what we seek to change), questions whose answers will help us achieve those goals, and measurements that will help us answer those questions.
governance
The process of governing, or the set of rules by which something is governed. The governance of a software project establishes who is allowed to make what decisions and how.
GUI designer
A software tool that allows users to draw a program's interface, and which then generates some or all of the code that implements that interface.
heuristic
A rule that isn't guaranteed to solve a problem, but which frequently produces a good or good enough solution.
Hippocratic License
A software license that allows people to use and share software so long as they do not violate human rights.
hitchiker
Someone who takes credit for a project without actually doing their share of the work.
hot spot
A short section of a program that accounts for a large proportion of its running time.
Human Resources
The group within a company responsible for hiring, firing, benefits, career development, and other people-related tasks. It used to be called the personnel department, and some tech companies now refer to it as "people ops".
hypercorrection_effect
The more strongly someone believed that their answer on a test was right, the more likely they are not to repeat the error once they discover that in fact they were wrong.
implicit bias
A prejudice in favor of or against something or someone that a person is not consciously aware of.
in-memory database
A database that stores data in memory rather than on disk. In-memory databases are frequently used for testing, or are backed up by on-disk databases.
insider threat
A threat in which the attacker already has access to privileged information or critical systems because of their job or other role.
Integrated Development Environment (IDE)
An application that helps programmers develop software. IDEs typically have a built-in editor, a console to execute code immediately, and browsers for exploring data structures in memory and files on disk.
intellectual property
Something produced by thinking that people can claim ownership of. Intellectual property generally includes copyrights, patents, trademarks, and trade secrets.
internal error
An error caused by a fault in a program, such as trying to access elements beyond the end of an array.
interpreted language
A high-level language that is not executed directly by the computer, but instead is run by an interpreter that translates program instructions into machine commands on the fly.
interpreter
A program whose job it is to run programs written in a high-level interpreted language. Interpreters can run interactively, but may also execute commands saved in a file.
intimate threat
A threat in which the attacker has access to privileged information or critical systems because of their personal relationship with the target.
intrinsic load
The cognitive load required to absorb new information.
issue tracker
An application that manages a list of issues related to one or more projects. Issues represent things such as bug reports and feature requests; they may be in several states (such as "verified" or "under development"), and they may or may not be assigned to specific people.
JavaScript Object Notation (JSON)
A way to represent data by combining basic values like numbers and character strings in lists and key/value structures. The acronym stands for "JavaScript Object Notation"; unlike better-defined standards like XML, it is unencumbered by a syntax for comments or ways to define a schema. See also: YAML.
just-in-time compiler (JIT)
A compiler that runs as the program is running. JITs typically rely on profiling to identify hot spots that are worth optimizing.
label (an issue)
A short tag associated with an issue to categorize it. Common labels include bug and feature request.
layered configuration
A technique for configuring programs in which several layers of configuration are used, each overriding settings in the ones before.
legitimate peripheral participation
Doing small tasks that a community of practice regards as valuable in order to gradually become a member of that community.
lending privilege
To use one's status or advantages to benefit others, e.g., by promoting the work of someone who is less well known or by using one's status to defend someone who is the target of harassment.
license
Something that specifies the conditions under which something else may be used.
linter
Another term for a style checker. The name comes from an early tool called lint that looked for problems in C programs.
logging
Recording information about the execution of a program in a structured way for later analysis.
long tail
A part of a statistical distribution that has a wide span but only a few members.
long-term memory (LTM)
The part of memory that stores information for long periods of time. Long-term memory is large, but slow, and cannot be accessed directly. See also: short-term memory.
magic number
An arbitrary value in code that could be replaced by a named constant.
mail filter
Software that classifies email messages and/or automatically places them in specific folders based on origin or content.
Markdown
A markup language with a simple syntax intended as a replacement for HTML.
marketing
Making people aware that something exists or that they might find it useful or interesting.
Martha's Rules
A simple set of rules for making decisions in small groups.
mental model
A simplified representation of the key elements and relationships of some problem domain that is good enough to support problem solving.
merge
To combine changes from two branches in a repository. This may lead to conflicts.
microservice
A program devoted to one task that interacts with other parts of an application by communicating with them (e.g., through HTTP) rather than as a library.
milestone
A target that a project is trying to meet, often represented as a set of issues that all have to be resolved by a certain time.
MIT License
An open software license that requires people to acknowledge the source of the software, but does not require derived work to be open; legally equivalent to the BSD License.
mock object
A simplified replacement for part of a program whose behavior is easy to control and predict. Mock objects are used in unit tests to simulate databases, web services, and other complex systems.
model
An abstract representation of the states a program is allowed to be in or the operations it is supposed to be able to do. Models are typically used to define "what", while code defines "how".
model-view-controller (MVC)
A widely-used application architecture consisting of a data model, a set of displays that reflect its state and allow user interaction, and the business rules that determine what operations are allowed.
modular decomposition
To divide work among team members by making each person responsible for all aspects of work on one entire module. Modular decomposition is a coarse-grained alternative to feature decomposition. See also: chaotic decomposition, functional decomposition, rotating decomposition.
Myers-Briggs Type Indicator (MBTI)
See bullshit.
neurodivergent
Someone whose brain works differently from the average when it comes to sociability, learning, attention, and mood. The term is used in contrast with neurotypical.
neurotypical
Someone near the middle of the bell curve with respect to sociability, learning, attention, and mood. The term is used in contrast with neurodivergent.
non-disclosure agreement (NDA)
A legal agreement that forbids one or both parties from making certain information public. NDAs have legitimate uses, such as preventing ex-employees from sharing trade secrets, but businesses often use them to prevent disclosure of wrongdoing such as discriminatory hiring practices or sexual harassment.
not invented here syndrome (NIH)
The tendency to avoid using things created by others in favor of using things built internally. See also: already invented here syndrome.
novice
Someone who has not yet built a usable mental model of a domain and therefore struggles with even basic tasks. See also: competent practitioner, expert.
OCEAN model
A model of personality whose five dimensions are Openness to experience, Conscientiousness, Extraversion, Agreeableness, and Neuroticism. Unlike Myers-Briggs, the OCEAN model has a solid scientific basis.
open license
A license that allows people to re-use work, possibly with some restrictions. The MIT License is an open software license, while the CC-BY license is often used for written work.
Open-Closed Principle
A design rule stating that software should be open for extension but closed for modification, i.e., it should be possible to extend functionality without having to rewrite existing code.
package manager
A program that keeps track of the software packages installed on a computer and their dependencies on one another. Most languages have their own package manager, which complicates multi-lingual projects.
package manifest
A machine-readable file specifying the contents of a software package, its dependencies, and other information.
pair programming
A software development technique in which two people work on a single machine simultaneously. One person (the "driver") does the typing while the other (the "navigator") provides real-time feedback; the two swap roles periodically. Pair programming is sometimes called an agile practice, but predates agile development by decades.
patch
An update to an already-installed library or application.
patent
A form of intellectual property that gives an inventor exclusive right to use that invention for a fixed period of time.
path coverage
The fraction of possible execution paths in a piece of software that have been executed by tests. Software can have complete code coverage without having complete path coverage.
pattern rule
A generic rule for a build manager that describes how to update any file whose name matches a pattern.
phishing
An attack in which someone pretends to represent a legitimate organization, e.g., by sending an email that appears to come from an actual bank or university. See also: spearphishing.
placebo
An inactive ingredient or non-treatment used in an experiment to establish a baseline for a control group.
plugin
An optional add-on module for a program or library that provides extra functionality. Plugins are typically distributed separately from the main application.
post-commit hook
Code that is automatically run after a change is committed to a version control repository, e.g., to deploy the latest version of the software.
post-condition
Something that is guaranteed to be true after a function runs successfully. Post-conditions are used in design by contract and are often expressed as assertions that are guaranteed to be true of a function's result.
post-mortem
A retrospective analysis of what went right or wrong during a project.
pre-commit hook
Code that is automatically run before a change is committed to a version control repository, e.g., to check that tests pass or that the software conforms to style guidelines.
pre-condition
Something that is guaranteed to be true after a function runs successfully. Pre-conditions are used in design by contract and are often expressed as assertions that must be true of a function's inputs in order for it to run successfully.
pre-registration
Depositing a research question or study design before starting an experiment to ensure that the goalposts aren't moved to fit the data that becomes available.
preparatory privilege
The advantage someone has in an supposedly objective assessment because they had opportunities earlier in life that other people didn't.
product manager
The person responsible for defining what features a product should have.
profiler
A tool that records how much time a program spends where when it runs.
project manager
The person responsible for ensuring that a project moves forward.
pull
To down changes from a remote repository to a local one.
pull request
A request to merge changes from one repository into another.
push
To upload changes from a local repository to a remote one.
qualitative method
A research method based on closed analysis of non-numerical data. See also: quantitative method.
quantitative method
A research method based on statistical analysis of numerical data. See also: qualitative method.
quasi-experiment
An empirical study that does not assign subjects to groups at random. Many quasi-experiments study people who have self-selected into groups, e.g., compares those who have chosen to use X with those who have chosen not to.
rabbit hole
A colloquial expression referring to the entrance to a strange world. The term refers to the novel Alice in Wonderland.
raise (an exception)
To signal that something unexpected or unusual has happened in a program, which can catch it and handle it (or not). See also: throw (an exception).
raster image
An image stored as a matrix of pixels.
rebase
To rewrite the history of a version control repository, usually to collapse several consecutive commits into one.
refactoring
Reorganizing software without changing its behavior.
remote
A repository located on another computer, or a bookmark in one project that points at such a repository.
repository
A place where a version control system stores the files that make up a project and the metadata that describes their history.
Representational State Transfer (REST)
A software design strategy in which components communicate using a subset of HTTP to create, read, update, and delete data.
reproducible example (reprex)
A small, self-contained example of a problem.
requirements error
An error in defining what to build or how the system should operate. Requirements errors often result in programmers building a correct implementation of the wrong thing.
root cause
The fault that originally caused one or more failures. The term is used to distinguish the original problem from those triggered by it.
rotating decomposition
A variation on functional decomposition in which each person is responsible for one set of tasks at a time, but team members swap responsibilities periodically. See also: chaotic decomposition, feature decomposition, modular decomposition.
rotating file
A set of files used to store recent information. For example, there might be one file with results for each day of the week, so that results from last Tuesday are overwritten this Tuesday.
sanitizing data
Modifying data (particularly data supplied by an untrusted user) to remove special characters or other potential security problems.
schema
A specification of the format and contents of a particular dataset.
Schrödinger's Asshole
Someone who makes an offensive remark and then decides whether or not they were joking based on the responses of the listeners.
Scottish verdict
A declaration that something hasn't been proved one way or another.
scriptable
Used to describe an application whose users can control by writing small programs that make use of the underlying program's internal APIs.
Scrum
A particular kind of agile development that relies on short sprints (typically a week or two in length), each of which ends with delivery of working software.
security theater
Doing things that give the impression they are making a system more secure but which don't actually have any impact. The term was coined by Bruce Schneier to describe things like requiring passengers to remove their shoes before boarding a plane.
semantic versioning
A standard for identifying software releases. In the version identifier major.minor.patch, major changes when a new version of software is incompatible with old versions, minor changes when new features are added to an existing version, and patch changes when small bugs are fixed.
sense vote
A preliminary vote used to determine whether further discussion is needed in a meeting.
short-term memory (STM)
The part of memory that briefly stores small amounts of information that can be directly accessed by consciousness. See also: long-term memory.
social engineering
Exploiting people's behavior to attack a software system, e.g., tricking someone into revealing their password instead of cracking it.
sociotechnical congruence
The alignment between the social structure of an organization and the architecture of the software it uses or builds.
software portal
A web-based application for coordinating work on software projects. Portals such as Bitbucket, GitHub, and GitLab provide issue trackers and host version control repositories.
spearphishing
A phishing attack in which the attacker uses information gained from previous attacks or other targets to selectively target individuals.
sprint
A short time-boxed period of work on a software project, typically from a day to a couple of weeks long.
SQL injection attack
An attack on an application in which the attacker's text is formatted as one or more SQL queries. When that input is copied directly into a database query, the attacker is able to extract or delete data.
stand-up meeting
A brief status meeting in which project members report what they've done, what they're planning to do, and what's in their way. Stand-up meetings are a common practice in agile development.
state-level actor
An entity with the resources of a government. There is little the average person can do to safeguard against attacks by state-level actors; unfortunately, that category now includes many companies as well.
static analysis
To analyze the source code of a program in order to determine its general properties and/or to find bugs. See also: dynamic analysis.
static site generator
A program that creates HTML pages from templates and content.
static typing
Checking the types of values before a program runs to ensure that they will be valid. The term is used in contrast with dynamic typing.
straw man
An argument or opponent chosen because it can easily be defeated.
string I/O
Input and output operations that read and write text in memory rather than files on disk.
style checker
See linter.
symbolic debugger
A program that allows the user to step through the execution of another program and view the contents of memory using the same variable names and expressions used in that program's source code. See also: breakpoint.
team contract
A written agreement between members of a team about how that team will operate and what's expected of each member.
technical debt
The additional work that has piled up because of earlier design compromises, changing circumstances, and/or bugs that have not yet been addressed.
test framework
See test runner.
test runner
A program that finds and runs software tests and reports their results.
test suite
A set of related unit tests, usually stored in files that follow a prescribed naming convention.
test-driven development (TDD)
A programming practice in which tests are written before a new feature is added or a bug is fixed in order to clarify the goal.
throw (an exception)
Another term for raising an exception.
time boxing
A project management technique in which the length of time is fixed and the scope of the work is allowed to vary. See also: feature boxing.
timestamp
A digital identifier showing the time at which something was created or accessed.
to-don't list
A list of things that are worth doing, but which the list-maker has decided they aren't going to start; the opposite of a to-do list.
tone policing
To criticize someone for expressing emotion during a discussion. Tone policing is often used to undermine arguments made by women or members of marginalized racial groups, e.g., by dismissing reports of their personal experience as "hysterical".
trade secret
A formula, business process, design, or other information that is not divulged publicly in order to give the holder a business advantage. Trade secrets are a form of intellectual property.
trademark
A form of intellectual_property that gives the holder the exclusive right to use a name or symbol.
treatment group
In experimental design, the subjects that receive some treatment or stimulus. If there are no significant differences between members of the control group and members of the treatment group, the experimenter should conclude that the treatment has no effect. See also: control group.
triage
To go through the issues associated with a project and decide which are currently priorities. Triage is one of the key responsibilities of a project manager.
two-factor authentication (2FA)
A security system that requires people to provide two different proofs of identify, such as knowing a password and being able to receive messages sent to a particular email address.
type declaration
An annotation in a program stating that a variable may only contain or refer to values of a particular data type.
Unified Modeling Language (UML)
A set of graphical notations for modeling object-oriented systems.
unit test
A test that exercises one function or feature of a piece of software and produces pass, fail, or error.
use-case map
A graphical representation of the interaction between a user and a software application that traces the propagation of events through the system's conceptual architecture.
user story
An informal description of how someone would use a software application. User stories are a lightweight way to specify features and requirements.
version number
A number or set of numbers that uniquely identify a specific version of a piece of software. See also: semantic versioning.
virtual machine (VM)
A program that pretends to be a computer. This may seem a bit redundant, but VMs are quick to create and start up, and changes made inside the virtual machine are contained within that VM so we can install new packages or run a completely different operating system without affecting the underlying computer.
waterfall model
A project management method in which requirements gathering, design, implementation, testing, and deployment are each done once, to completion, in exactly that order. This process was first described in Royce1970 as something that couldn't possibly work, but advocates of other processes frequently use it as a straw man.
What You See Is What You Get (WYSIWYG)
Describes an interface that displays exactly what the finished product will look like. A text editor showing HTML markup is not WYSIWYG; a graphical text editor like Microsoft Word is.
workflow diagram
A graphical representation of the steps taken to accomplish a task.
working memory
The part of short-term memory that handles immediate conscious perceptual and linguistic processing.
YAML
Short for "YAML Ain't Markup Language", a way to represent nested data using indentation rather than the parentheses and commas of JSON. YAML is often used in configuration files and to define parameters for various flavors of Markdown documents.