version v7.2.
For up-to-date documentation, see the
latest version.
Glossary
12 minute read
License
- Apache License
A permissive free software license that allows users to freely use, modify, and distribute the software, often used for open source projects. It provides an express grant of patent rights from contributors to users.
- Freeware
Software that is distributed at no cost to the user but typically retains all rights and control over usage, distribution, and modification by the author or company that distributes it.
- GNU General Public License (GPL)
A widely-used free software license that guarantees end users the freedom to run, study, share, and modify the software. Software under this license is open source and free to use under its terms.
- MIT License
A permissive free software license originating at the Massachusetts Institute of Technology.
It is simple and concise, allowing software to be freely used, modified, and distributed, while maintaining the copyright notice and permission notice in all copies or substantial portions of the software.
Security
- API Security
API Security scanners are designed to ensure that your API endpoints are protected from vulnerabilities.
- DAST (Dynamic Application Security Testing)
Involves testing an application in its running state to identify vulnerabilities.
- IaC Scanning
Involves scanning Infrastructure as Code files (such as Kubernetes manifests, Helm charts, or Terraform) to identify vulnerabilities in the software components and configurations.
- SAST (Static Application Security Testing)
Refers to the analysis of application source code without executing it, to identify security vulnerabilities early in the development process.
- SCA (Software Composition Analysis)
The practice of identifying and cataloguing all open-source and third-party components an application depends on, producing a Software Bill of Materials (SBOM). The resulting inventory enables multiple objectives: detecting known vulnerabilities, verifying license compliance, and assessing operational risks such as outdated or end-of-life components.
- Secret Detection
Involves detecting sensitive information such as passwords, API keys, and tokens in your codebase.
Software Development
- API (Application Programming Interface)
A set of rules and tools that allows different software applications to communicate with each other, facilitating integration and functionality sharing.
- Backend
The part of a software application that deals with server-side logic, database interactions, and the management of application data, not directly visible to users.
- Bug
An error or flaw in software that causes it to produce incorrect or unexpected results or behave in unintended ways.
- Code Review
The process of examining and evaluating source code by peers to improve code quality, identify bugs, and ensure adherence to coding standards.
- Continuous Integration and Continuous Delivery (CI/CD)
This practice involves automating the software development process to allow for frequent releases and updates, improving efficiency and reducing deployment risks by ensuring that code changes are continuously tested and integrated into the main codebase.
- Debugging
The process of identifying, isolating, and fixing problems or “bugs” in software code.
- DevOps
A cultural and operational approach that emphasizes collaboration between software development (Dev) and IT operations (Ops) teams to improve the speed and quality of software delivery.
- Frontend
The portion of a software application that users interact with directly; it includes the user interface and user experience components (UI/UX).
- Framework
A pre-built collection of code and tools designed to help developers build applications more efficiently by providing a structured approach.
- Git
A version control system used to track changes in source code during software development, allowing multiple developers to work collaboratively.
- Release Management
The process of planning, scheduling, and controlling the build and deployment of software releases to ensure smooth and efficient development cycles.
- SDLC
- Software Development Life Cycle (SDLC) is a process used by software developers to design, develop, test, and deploy software applications to meet user requirements.
- UI (User Interface)
The graphical layout of an application that users interact with, including buttons, text, images, and other visual elements.
- UX (User Experience)
The overall experience a user has when interacting with a software application, encompassing usability, accessibility, and the emotional impact of the interaction.
SWaaP
- Add-on Component
Add-on component is an additional component from the bundle ones. An add-on component can be specific to one platform and cannot be agnostic or need be instantiated more than once on each platform.
- Administrator/ Platform Administrator
Platform administrator is responsible for installing and maintaining the Software Factory in the platform, ensuring its stability,security, and performance.
They have elevated privileges and access to all system configurations.
- Bundle Component
Bundle component is a component part of SWaaP, which should be instantiable no more than once per platform. The component should be platform agnostic.
- Customer
An individual or organization that purchases or subscribes to a product or service.
The customer may not always be the end user of the product, for example, parents might purchase educational software for their children, but the children are the actual users.
- End User
Users are individuals who interact with the Software Factory to perform tasks related to software development, testing, or deployment.
They have relative autonomy in performing their tasks efficiently but may require assistance from administrators for certain tasks or configurations.
- SWaaP (Software Factory as a Product)
The Software Factory product package, delivered by the SWF team, ready to be instantiated on a platform.
- X-as-a-Service
An interaction mode where one team provides a service to other teams, who are consumers of this service.
It streamlines interactions by offering well-defined service interfaces, enabling other teams to focus on their primary missions without worrying about underlying complexities.
- Early Access
A stageof tool maturity that allows customers to use and provide feedback on a tool before its official release.
- General Availability
- A stage of tool maturity lifecycle when it is officially released and made accessible to all customers. At GA, the product is considered stable, fully supported, and suitable for use in platform.
A permissive free software license originating at the Massachusetts Institute of Technology.
It is simple and concise, allowing software to be freely used, modified, and distributed, while maintaining the copyright notice and permission notice in all copies or substantial portions of the software.
Project Management
- Agile Methodology
The Tribe Software Factory often employs agile frameworks (like Scrum or Kanban) to ensure flexibility, iterative progress, and quick adaptation to changes in user needs or market conditions.
- Cost of Delay
Learn how to evaluate the financial implications of delaying a project or feature, and use these insights to better manage timelines and budgets. Here’s a simplified version of how to calculate the cost of delay:
- Estimate the revenue per unit of time (say, monthly) that a new project will generate.
- Estimate the amount of time your team will need to complete the project.
- Divide the monthly-profit number by the project’s estimated time duration.
This number tells you how much money each month it will cost your organization to delay the delivery of the finished project.
- Minimum Viable Product
A Minimum Viable Product (MVP) is a version of a product that includes just enough features to attract early-adopter customers and validate the core idea of the product. The goal of the MVP is to quickly launch a usable product to a targeted group of users in order to gather their feedback and insights.
This approach was especially valuable at the start of the TDF, where the product team can leverage the early feedback and provide customers with a product that aligns closely with their basic needs.
- MoSCoW Prioritization
Also known as the MoSCoW method or MoSCoW analysis, is a widely-used technique for managing and prioritizing requirements.
This approach helps teams to determine the relative importance of various initiatives by categorizing them into four distinct groups.
The acronym MoSCoW stands for:
Must-have: These are the critical requirements that the project cannot proceed without. They are non-negotiable and fundamental to the product’s success. Failure to deliver these features will result in the project being deemed unsuccessful.
Should-have: Important requirements that add significant value, but are not critical for immediate delivery. These can be postponed if necessary, but should be included if resources and time allow.
Could-have: Desirable requirements that could improve the user experience but are not essential. These are often seen as enhancements or nice-to-haves that can be added if everything else is on track and there are still available resources.
Won’t-have (or Wish): Requirements that will not be delivered in the current scope but might be considered for future phases.
- RICE Method
A robust framework for prioritizing projects based on Reach, Impact, Confidence, and Effort.
Discover how to effectively rank your initiatives to maximize value and efficiency:
Reach: How many people will be affected by or benefit from the project ? This is often quantified over a specific period.
Impact: What is the level of impact this project will have on the individual or business? This can be a bit subjective and is often rated on a scale (e.g., 1 to 5).
Confidence: How confident are you in the estimates and assumptions regarding reach and impact? Confidence is usually expressed as a percentage, reflecting the certainty of your estimates.
Effort: How much work is required to complete this project? This is typically measured in person-months, weeks, or similar time units.
The RICE formula is calculated as follows:
- SMART Goal
The SMART framework provides the framework for setting clear, attainable goals in project management. The acronym stands for :
Specific: Define a clear, specific goal.
Measurable: Make sure your goal is measurable to track progress which helps you stay focused and meet deadlines.
Attainable: Create a realistic goal. It shouldn’t be limiting but should be attainable.
Relevant: Ensure your goal matters to you and aligns with your other goals and the needs of the organization.
GenAI
- GenAI
The use of generative AI models, such as Large Language Models, to create or transform content (for example, text, code, or images). In software development, GenAI is used to assist with coding, documentation, testing, design decisions, and natural-language interfaces to tools and systems.
- AI Agent
An AI-driven component that uses a Large Language Model and tools or APIs to plan and execute multi-step tasks. In software development, agents can perform workflows like debugging, running tests, editing files, or querying CI/CD systems based on natural-language goals.
- Context Window
The maximum amount of text (input plus output) that a Large Language Model can consider at once. In development workflows, context-window limits affect how much code, logs, or documentation you can include in a single interaction.
- Guardrails
Application-level controls that constrain or post-process model behavior and outputs. Examples include filtering sensitive data, enforcing which tools or APIs can be used, validating generated code, and blocking insecure or out-of-policy actions.
- LLM
Large Language Model. A type of machine learning model trained on large text corpora to understand and generate human-like text. In software development, Large Language Models are used for tasks such as code completion, documentation generation, refactoring suggestions, and natural-language interfaces to tools and APIs.
- PCIE
Prompts can be structured using Persona, Context, Instruction, and Example. Other established formats include CARE, 5W1H, and STAR
- Prompt
The input text given to a Large Language Model that describes the task or question. In software development, prompts can include requirements, code snippets, error messages, and style or architectural constraints that steer the model’s output.
- RAG
Retrieval-Augmented Generation. An architecture that combines a Large Language Model with a document retrieval system. At runtime, relevant documents (such as design docs, API specs, or knowledge base articles) are retrieved and passed to the model as context so it can generate answers grounded in up-to-date or project-specific information.
- System Prompt
A special part of the prompt that sets high-level instructions and behavior for the Large Language Model , such as coding style, security constraints, or the role the model should play. System prompts are typically hidden from end-users but enforced by the application.
Team Organization
- Spotify Model
An organizational framework originated at Spotify for scaling agile teams.
It emphasizes autonomous squads, tribes, chapters, and guilds, enabling teams to innovate while aligning with company priorities.
- Squads
Within a tribe, squads are small, cross-functional teams that are responsible for specific features or components of the product.
Each squad operates autonomously and follows principles of agile software development.
- Tribe
A group of multidisciplinary teams working towards a common goal or product area.
Each tribe is usually aligned with a broader business objective and fosters collaboration among its members.
- Chapters
In the Spotify model, a chapter is a group of individuals with similar skills or roles within a tribe.
Chapter Leads provide mentorship, ensure skill development, and manage the progression of their chapter members.
- Guilds
Flexible, cross-tribe communities of interest within the Spotify model, formed around shared practices, tools, or technologies.
Guilds facilitate knowledge sharing, learning, and collaboration across the organization.
- Team Topology
A framework for designing and evolving robust, productive, and agile software teams.
It centers on the concept of specific team types and clear interaction modes to improve effectiveness and flow within organizations.
- Stream-aligned Teams
In Team Topology, teams aligned to a specific flow of work, such as a product or service.
They are responsible for end-to-end delivery and continuous improvement of the stream, ensuring they can rapidly iterate and respond to customer needs.
- Platform Teams
In Team Topology, teams dedicated to building and maintaining internal platforms that support the work of other teams. Their goal is to reduce the cognitive load on stream-aligned teams by providing shared tools, services, and infrastructure.
- Enabling Teams
In Team Topology, teams that help stream-aligned teams to overcome obstacles and adopt new techniques and technologies. They provide expertise and guidance, often working temporarily with other teams to facilitate skill development and problem-solving.
- Scrum
An agile framework for managing software projects, characterized by short iterative cycles called sprints, roles (like Scrum Master and Product Owner), and regular meetings.
- Cross-functional Teams
Teams composed of members from various functional areas that work together towards a common goal. This structure promotes diverse perspectives, rapid problem-solving, and holistic product development.
- Scrum Master
A role in Scrum teams responsible for facilitating the Scrum process, removing impediments, and ensuring the team follows agile practices.
The Scrum Master helps the team improve their workflow and collaborates with stakeholders.
- Product Owner
The role within agile Scrum teams responsible for defining user stories, managing the backlog, and ensuring the product delivers value to the customers.
The Product Owner represents the user’s voice and prioritizes tasks based on business needs.