Acronyms and Abbreviations

<dt>AA</dt>
<dd>Architecture Assessment (SAMM Practice)</dd>

<dt>ADFS</dt>
<dd>Active Directory Federation Services</dd>

<dt>ASVS</dt>
<dd>OWASP Application Security Verification Standard</dd>

<dt>AV</dt>
<dd>Anti-Virus</dd>

<dt>BOM</dt>
<dd>Bill of Materials</dd>

<dt>CBT</dt>
<dd>Computer-Based Training</dd>

<dt>CPE</dt>
<dd>Common Platform Enumeration</dd>

<dt>CVE</dt>
<dd>Common Vulnerabilities and Exposures</dd>

<dt>CVSS</dt>
<dd>Common Vulnerability Scoring System</dd>

<dt>CWE</dt>
<dd>Common Weakness Enumeration</dd>

<dt>DAST</dt>
<dd>Dynamic Application Security Testing</dd>

<dt>DDoS</dt>
<dd>Distributed Denial of Service</dd>

<dt>DevOps</dt>
<dd>Integrated Development and Operations</dd>

<dt>DevSecOps</dt>
<dd>Integrated Development, Security, and Operations</dd>

<dt>DM</dt>
<dd>Defect Management (SAMM Practice)</dd>

<dt>DOD</dt>
<dd>Definition of Done</dd>

<dt>DOR</dt>
<dd>Definition of Ready</dd>

<dt>DoS</dt>
<dd>Denial of Service</dd>

<dt>DSL</dt>
<dd>Domain-Specific Language</dd>

<dt>EM</dt>
<dd>Environment Management (SAMM Practice)</dd>

<dt>EG</dt>
<dd>Education and Guidance (SAMM Practice)</dd>

<dt>ESB</dt>
<dd>Enterprise Service Bus</dd>

<dt>GDPR</dt>
<dd>General Data Protection Regulation (European Union law)</dd>

<dt>HSM</dt>
<dd>Hardware Security Module</dd>

<dt>IAM</dt>
<dd>Identity and Access Management</dd>

<dt>IAST</dt>
<dd>Interactive Application Security Testing</dd>

<dt>IDE</dt>
<dd>Integrated Development Environment</dd>

<dt>IM</dt>
<dd>Incident Management (SAMM Practice)</dd>

<dt>IP</dt>
<dd>Internet Protocol</dd>

<dt>ISO</dt>
<dd>International Standards Organization</dd>

<dt>KPI</dt>
<dd>Key Performance Indicator</dd>

<dt>LDAP</dt>
<dd>Lightweight Directory Access Protocol</dd>

<dt>LMS</dt>
<dd>Learning Management System</dd>

<dt>NIST</dt>
<dd>National Institute of Standards and Technology (US Agency)</dd>

<dt>NVD</dt>
<dd>National Vulnerability Database (US)</dd>

<dt>OM</dt>
<dd>Operational Management (SAMM Practice)</dd>

<dt>OS</dt>
<dd>Operating System</dd>

<dt>OWASP</dt>
<dd>Open Web Application Security Project</dd>

<dt>PC</dt>
<dd>Policy and Compliance (SAMM Practice)</dd>

<dt>PCI</dt>
<dd>Payment Card Industry</dd>

<dt>PCI DSS</dt>
<dd>Payment Card Industry Data Security Standard</dd>

<dt>QA</dt>
<dd>Quality Assurance</dd>

<dt>RASP</dt>
<dd>Runtime Application Self-Protection</dd>

<dt>RCA</dt>
<dd>Root Cause Analysis</dd>

<dt>RT</dt>
<dd>Requirements-driven Testing (SAMM Practice)</dd>

<dt>REST</dt>
<dd>REpresentational State Transfer</dd>

<dt>SA</dt>
<dd>Security Architecture (SAMM Practice)</dd>

<dt>SAMM</dt>
<dd>Software Assurance Maturity Model</dd>

<dt>SAST</dt>
<dd>Static Application Security Testing</dd>

<dt>SB</dt>
<dd>Secure Build (SAMM Practice)</dd>

<dt>SD</dt>
<dd>Secure Deployment (SAMM Practice)</dd>

<dt>SDK</dt>
<dd>Software Development Kit</dd>

<dt>SDLC</dt>
<dd>Software Development Life Cycle</dd>

<dt>SIEM</dt>
<dd>Security Information and Event Management</dd>

<dt>SIP</dt>
<dd>Session Initiation Protocol</dd>

<dt>SLA</dt>
<dd>Service Level Agreement</dd>

<dt>SM</dt>
<dd>Strategy and Metrics (SAMM Practice)</dd>

<dt>SMART</dt>
<dd>Specific, Measurable, Actionable, Relevant, and Time-bound</dd>

<dt>SME</dt>
<dd>Subject Matter Expert</dd>

<dt>SOAP</dt>
<dd>Simple Object Access Protocol</dd>

<dt>SP</dt>
<dd>Special Publication (NIST Document)</dd>

<dt>SR</dt>
<dd>Security Requirements (SAMM Practice)</dd>

<dt>SSCE</dt>
<dd>Secure Software Center of Excellence</dd>

<dt>SSO</dt>
<dd>Single Sign-On</dd>

<dt>ST</dt>
<dd>Security Testing (SAMM Practice)</dd>

<dt>STRIDE</dt>
<dd>Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege</dd>

<dt>SWIFT</dt>
<dd>Society for Worldwide Interbank Financial Telecommunication</dd>

<dt>TA</dt>
<dd>Threat Assessment (SAMM Practice)</dd>

<dt>TLS</dt>
<dd>Transport Layer Security</dd>

<dt>TPM</dt>
<dd>Trusted Platform Module</dd>

<dt>UAT</dt>
<dd>User Acceptance Test</dd>

<dt>VA</dt>
<dd>Vulnerability Analysis</dd>

<dt>VCS</dt>
<dd>Version Control System</dd>

<dt>WAF</dt>
<dd>Web Application Firewall</dd>

<dt>ZAP</dt>
<dd>OWASP Zed Attack Proxy</dd>
