Glossary
Plain-English definitions for the enterprise and Cursor terms used across the week. Every term here also appears as a hover tooltip wherever it shows up in a lesson, so you never have to leave the page to look one up.
- ADR (Architecture Decision Record)
- A short doc capturing one architecture decision and the reasoning behind it.
- blast radius
- How much breaks if a change goes wrong; the scope of potential damage.
- Bugbot
- Cursor's automated PR reviewer that posts inline findings and can push fix commits from isolated VMs.
- CAB (Change Advisory Board)
- A group that reviews and signs off on higher-risk production changes before they ship.
- characterization test
- A test written to pin down current behavior before a refactor, so you notice if the behavior changes.
- CI/CD (Continuous Integration / Continuous Delivery)
- The automated pipeline that builds, tests, and ships code so changes reach production safely and often.
- CISO (Chief Information Security Officer)
- The executive who owns security; usually the hardest and most important person to win over.
- DAST (Dynamic Application Security Testing)
- Testing a running application for vulnerabilities from the outside.
- DORA (DORA metrics)
- Four widely-used delivery measures: deployment frequency, lead time for changes, change failure rate, and time to restore service.
- DPA (Data Processing Agreement)
- A contract spelling out how a vendor is allowed to handle your data.
- expand/contract
- A safe migration pattern: add the new thing, migrate to it, then remove the old, so you can roll back at each step.
- IaC (Infrastructure as Code)
- Managing servers and cloud resources through version-controlled config files (e.g. Terraform).
- ITGC (IT General Controls)
- The baseline IT controls auditors check: who can change what, how changes get approved, and how systems are run.
- ITSM (IT Service Management)
- The tooling and process for change and incident records, e.g. ServiceNow.
- MCP (Model Context Protocol)
- A standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs.
- MSA (Master Service Agreement)
- The overarching contract between a customer and a vendor.
- MTTR (Mean Time to Restore)
- How long it takes to recover service after a failed change or incident.
- OIDC (OpenID Connect)
- A modern standard that powers single sign-on, built on OAuth.
- PII (Personally Identifiable Information)
- Data that can identify a person (names, emails, SSNs); regulated and sensitive.
- PRD (Product Requirements Document)
- The spec describing what to build and why.
- Privacy Mode
- Cursor's setting that routes requests under zero-data-retention terms so providers don't store or train on your code.
- PrivateLink
- An AWS feature that keeps traffic to a service on your private network instead of the public internet.
- Project Rules
- Version-controlled instructions in the repo that every Cursor agent interaction inherits, so standards are encoded once.
- RBAC (Role-Based Access Control)
- Granting permissions by role rather than configuring each person individually.
- RFC (Request for Comments)
- A written design proposal circulated for feedback before anything gets built.
- ROI (Return on Investment)
- The value gained versus what it cost, the language an economic buyer funds deals in.
- SAFe (Scaled Agile Framework)
- A framework for coordinating many agile teams at enterprise scale, common in regulated orgs.
- SAML
- An enterprise standard that powers single sign-on.
- SAST (Static Application Security Testing)
- Scanning source code for vulnerabilities without running it.
- SBOM (Software Bill of Materials)
- A list of every component and dependency in a build, like an ingredients label for software.
- SCA (Software Composition Analysis)
- Scanning third-party dependencies for known vulnerabilities and license problems.
- SCIM (System for Cross-domain Identity Management)
- A standard for automatically creating and removing user accounts when people join or leave.
- separation of duties
- No single person can author, approve, and deploy the same change. The core control AI autonomy has to respect.
- SLSA (Supply-chain Levels for Software Artifacts)
- A framework for proving how a piece of software was built and that it wasn't tampered with.
- SoD (Separation of Duties)
- No single person can author, approve, and deploy the same change. The core control AI autonomy has to respect.
- SOX (Sarbanes-Oxley Act)
- A US law that forces companies to keep auditable controls over any system that affects their financial reporting.
- SRE (Site Reliability Engineering)
- The team and practice that keeps production reliable: monitoring, on-call, and incident response.
- SSO (Single Sign-On)
- One company login (usually via SAML or OIDC) instead of a separate password per tool.
- TCO (Total Cost of Ownership)
- The full cost of a tool over time, not just the sticker price (seats + enablement + overhead).
- value stream
- The end-to-end path a change takes from idea to running in production.
- WIP (Work in Progress)
- How many tasks are in flight at once; Kanban deliberately limits it to improve flow.
- ZDR (Zero Data Retention)
- A contractual guarantee that the model provider won't store your code or train on it.