A specification for connectors and expansion ports used by many device classes, such as SSDs. Successor to other connector types such as SATA and IDE.
Mergers and acquisitions. Corporate jargon. Spell out on first use in public-facing documents.
Media access control address. A unique identifier on a network-enabled device, one level below the IP address.
OK in formal writing if relevant, but use automation for the general technique.
In AWS, this may refer to the Instance Metadata IP address, 169.254.169.254. Do not use outside of a cloud context.
Previously styled as MailChimp.
A global series of DIY community events that started in the Bay Area. https://makerfaire.com/
A syntactically improper bit of data or code.
This represents a wide range of potential attackers from individuals to nation-states. When writing about individual threats, use attacker or malicious user.
Malicious software. A catch-all term for anything that could be called malicious, including CryptoLockers, spyware, viruses, worms, trojans, and backdoors.
Mobile application management. Can also refer to media asset management. Spell out on first use.
When written as MitB, precede with “an.” Spoken out loud as the whole phrase.
When written as MitM, precede with “an.” Spoken out loud as the whole phrase. Spell out on first use. Do not use as a verb. A malicious user in this position can be described as an unauthorized intermediary or unauthorized proxy.
An open source clone of MySQL.
A predictability model that bases potential outcomes on only the previous event.
A fictional character (played by Robert Redford) who leads a security consulting team in the 1992 movie Sneakers. Because of his offensive hacking skills, we use his name in our company name.
A vulnerability that allows a user to add and modify fields to increase their privileges or gain access to private information.
The fictional AI antagonist that digitally captures Flynn in the 1982 movie Tron.
We prefer to use primary/replica to discuss inheritance and leader/follower to discuss control relationships. However, in general, refer to the alternate terminology used by the technology you are discussing. Alternatives for “master” include primary, parent, leader, and main. Alternatives for “slave” include replica, follower, child, and worker. If a component name is “master” or “slave,” put the name in the tech font, as in, “The worker node, slave, was improperly configured.”
Megabyte. A megabyte may be 1,000 or 1,024 kilobytes (KB). No space between the number and unit, as in 75MB. Do not pluralize MB.
Managed bean. A Java object. Pronounced as “M-bean.”
Capitalization matters. MBps is megabytes per second. Mbps is megabits per second. No space between the number and unit, as in “500Mbps.”
Microcontroller unit. Spell out in public-facing documents to avoid confusion with the Marvel Cinematic Universe. Do not spell out in technical documents.
Message Digest 5. An efficient but highly insecure hashing algorithm that should never be used in situations where security is a concern. Pronounced as letters and numbers. Do not spell out.
Write the name in the tech font, as in “the
A flaw that affects Intel, AMD, and ARM chipsets. It was publicly disclosed in January 2018.
A memory cache.
A memory caching server. Pronounced as “mem-cash-dee” or “mem-cashed.”
A character with a special meaning in a programming language or regex. It must be set apart (escaped) by another character to use its literal meaning, as in
A pen testing framework.
A Metasploit payload used to establish a shell and communicate back to the attacker. Pronounced as “meh-ter-preh-ter,” similar to “interpreter.”
Multi-factor authentication. Factors are typically something you have (a badge), something you know (a password), or something you are (biometrics). Spell MFA out on first use.
Megahertz. Use a space between the number and the unit, as in “100 MHz.” Do not pluralize.
A small process or application that operates independently but is integrated with similar processes to form a larger application or service.
Write the names of specific vulnerabilities in the normal font.
Musical instrument digital interface. Do not spell out. Pronounced as “midd-ee.”
May refer to AES-256 encryption. Do not use this term; refer to the type of encryption by name instead.
Avoid using military (24-hour) time unless relevant to the context.
Ex: 0900 PDT
A hypothetical wholesome new public figure who is quickly revealed to be vile.
Corporate jargon. When broadly used, this can include people born between 1980 and 2010. It’s better to describe groups with other demographic markers (such as age ranges).
Multipurpose internet mail extensions. A MIME type or media type is a file format identifier. Do not spell out. Pronounced as “mime.”
Ex: application/json, text/html
A post-exploitation tool typically used to extract passwords during internal network assessments.
The process of reducing character count in source code. Also called minimization.
The name is derived from “Mini-Unix.” Pronounced as “minn-icks.”
A botnet worm that used IoT devices to cause DDoS in October 2016. Pronounced as “mee-rye.” Mirai means “future” in Japanese.
To lessen the impact of potential future attacks. Not interchangeable with “reduce.”
The application of compensating controls to decrease the impact of identified vulnerabilities while not fully remediating those vulnerabilities.
Man-in-the-Middle. When written as MitM, precede with “an.” Spoken out loud as the whole phrase, not the acronym. In cryptography, this can also refer to the Meet-in-the-Middle attack. Spell out on first use.
A mix of HTTP and HTTPS content on the same page that exposes the content to vulnerabilities due to the parts delivered via HTTP.
When recommending limitations on allowable characters in date fields, write this format in the tech font.
A Google Play security assessment framework. Spell out on first use.
A smartphone or tablet.
Multimedia over Coax Alliance. A standard for wired internet over coaxial cables. Pronounced as “mo-kah.”
Short for modify or modulo. Informal.
Use the normal font for software version numbers, product model numbers, serial numbers, and builds.
A single, large repository that holds code for multiple projects. Informal.
About every 18 months since 1965, the number of transistors per square inch on integrated circuits has doubled. Observed by Intel co-founder Gordon Moore.
Message of the day banner. Pronounced as letters or the whole phrase. Spell out on first use in public-facing documents.
Audio and video file types. Pronounced as letters and numbers.
A 2015-2019 TV show about a paranoid hacker that used some Bishop Fox exploits.
Millisecond. Put a space between the number and the unit, as in “250 ms.”
Microsoft SQL Server Data Engine. Spell out on first use.
A tool used for exploit development to generate shellcode.
Managed service provider. Pronounced as letters. Spell out on first use.
Microsoft SQL Server.
The factors can be something you have (a badge), something you know (password), or something you are (biometrics). Spell out on first use.
An HTML template system.