
Version 2.0

Cybersecurity Style Guide


B2B (adj. or n.)



backdoor (n. or v.)

When discussing a physical door, use a space, as in back door.

backported (adj.), backporting (n. or v.)

Adding features from a new software version into an older version of the same software.

backslash or \


badput (n.)

The rate at which data is corrupted in transit.


A password-hashing algorithm.


bandwidth (n.)

The speed or capacity of a data network measured in volume over units of time, as in 50Mbps.


bank drop (n.)

A bank account created using stolen information.

bar mitzvah attack (n.)

An SSL vulnerability and attack. So named because its security implications were realized 13 years after it first appeared in the codebase.


-based (adj.)

Always hyphenate.

Ex: host-based, logic-based, role-based


A Unix command-line interpreter and command language. The default login shell for Linux and macOS.



Beginner’s All-purpose Symbolic Instruction Code. A programming language. Do not spell out.


bastion host (n.)

A host often used as a gateway to pivot into other hosts. It should be specially hardened.


Bulletin board system.


BCC, BCC’d, BCCing (v.)

Blind carbon copy. Do not spell out.


BCP, BCPs (n.)

Business continuity plan. Spell out on first use.


A password-hashing function.



An SSL/TLS attack.

BEC (n.)

Business email compromise. Spell out on first use.


BeEF, BeEF hooking (n.)

Browser Exploitation Framework.

BER, BERs (n.)

Bit error rate. It can also stand for Basic Encoding Rules, so spell out on first use.


best practice (n.)

Practice that aligns with compliance guidelines or industry standards. Sometimes “best” practices are actually baseline requirements. In those cases, refer to them as standard practices, industry standards, basic requirements, or foundational controls. Corporate jargon; use sparingly.


An informal name for Bishop Fox. Use very sparingly and only where space is limited.


Border Gateway Protocol. Spell out on first use.

BIA (n.)

Business impact analysis. Spell out on first use.

Big Brother

The symbol of totalitarian surveillance from the novel Nineteen Eighty-Four. Big Brother is watching you.

big data (n.)



A load balancer. Pronounced like “big-I-P.”

binary (n. or adj.)

The base-2 number system used by computers. 0 or 1. Also describes data stored in this way, as in binary executable files.


A DNS server.

birds of a feather (n.)

An informal discussion group.


birthday attack (n.)

A brute-force cryptographic attack that exploits mathematical probability theory to achieve a hash collision. (The birthday paradox states that in a room of 23 people, the likelihood of two people having the same birthday is 50%, even though it seems less likely than that.)

bit (n.), -bit (adj.)

A binary digit. When abbreviated, use lowercase b for bits and uppercase B for bytes.

Ex: a key length of at least 2048 bits, a 2048-bit RSA key


An Atlassian product for Git and Mercurial.

bitcoin or Bitcoin (n.)

A digital cryptocurrency created by an unknown party known as Satoshi Nakamoto.

bit-flipped (adj.), bit flipping (n.)

Changing a bit from 1 to 0 or 0 to 1. This may describe a logical operation, an error, or an attack.


Microsoft Windows disk encryption software.

black box (n.), black-box (adj.)

Black-box testing is done without prior knowledge of the environment. Also refers to the flight recorders found on planes.

Black Hat

A series of annual security conferences that happen in the USA, Europe, and Asia.

black hat (adj. or n.)

A malicious hacker. Informal.

blacklist, blacklisting (v. or n.)

Consider using the alternate terms denylist or blocklist.

black market (adj. or n.)

Our preferred term in formal writing to describe unindexed, illegal online activity hubs. Tor and I2P are colloquially known as “dark web” browsers.

Black Mirror

A British anthology TV series. Each episode focuses on an aspect of the societal consequences of advanced technology.



An SSH certificate authority.

blind (adj.)

During a blind attack, the attacker is unable to view the outcome of an action.


BLOB or blob (n.)

Binary large object.

Blob Storage

An Azure service.

blockchain (n. or v.)

A ledger of transactions. Beware of products that claim to solve all problems through the use of blockchains.

blocklist, blocklisting (n. or v.)

An alternative term for blacklist. Use this term to match client preference in client-facing documents.


A tool used to map access relationships in Microsoft environments.


An encryption algorithm.


A Microsoft vulnerability (CVE-2019-0708) that was disclosed in May of 2019.


blue screen (n. or v.), blue-screened (v. or adj.)

To fatally fail. To abruptly, definitively, and catastrophically stop working (like a program or system). Informal.

Blue Screen of Death (BSOD) (n.)

A Windows error screen. Informal.


blue team, blue teaming (n. or v.)

Blue teams run scenarios to defend a target or environment from potential attackers. They reduce the attack surface, employ hardening strategies, and use honeypots.


A unifying wireless system named after Harald Bluetooth, a Norwegian king.

Bluetooth LE (BLE)

Bluetooth Low Energy. Spell out on first use.

BMC, BMCs (n.)

Baseboard management controller. Spell out on first use.


A sentient video game console-shaped cartoon robot from Adventure Time. Pronounced like “B-moh.”

BMP, .bmp file

The bitmap image format.


BOF (n.)

Short for buffer overflow. Spell out on first use.


An IT support portal.

Boolean operator (n.)

Used in expressions in code to evaluate a condition, or in search terms to filter results. Write in tech font.


boot (v. or n.)

The verb form is often used with “up.”

the Borg

A fictional cyborg alien group in Star Trek.

Boston Dynamics

A robotics company.

bot (n.)

An automated program like a chatbot or Twitterbot.

botnet (n.)

A network of bots sometimes used in ransomware attacks.


An esoteric programming language.



A variant of the CRIME exploit.

breach (v. or n.)

To describe the specific impact of a breach, you can say that information was exposed, disclosed, obtained, or stolen.


breakpoint (n.)

An intentional stopping point in code to allow debugging.

brick, bricked (n., v., or adj.)

An old, heavy cell phone or a dead device. A bricked device is irrecoverably broken. Informal.

brick-and-mortar (adj.)

Describes IRL places of business.

brownfield (adj.)

Describes software developed for legacy applications or environments.


Berkeley Software Distribution. A Unix-derived operating system.


A global series of security events.

bucket (n.)

When discussing a type of bucket, use the normal font. When discussing a specific bucket’s name, use the tech font, as in “the oz-provision bucket.”


A crowdsourced bug bounty security company.

Burp Suite, Burp Collaborator

A web application proxy. Do not shorten to Burp in formal writing.

bus, buses (n.)

A connection between computer components.

Ex: address bus, serial bus

business impact analysis (BIA) (n.)

Spell out on first use.


Bring your own device. Describes policies that allow employees to use their own computers and phones for work. BYOD is pronounced as letters or the whole phrase.

byte (n.)

A byte is eight bits. Kilobyte (KB), megabyte (MB), gigabyte (GB), terabyte (TB), petabyte (PB), exabyte (EB). Always write out bytes and bits, as in 10 bytes. Use the abbreviation for larger units. No space between number and unit, as in 64TB. Within abbreviations, use uppercase B for bytes (KB), lowercase b for bits (Gb).
