An employment arrangement, common in the United States, in which
either party can end the relationship at any time for any reason
not specifically prohibited by law.
audit trail
A chronological record of actions taken in a system that allows
later verification of who did what, when, and why.
casual threat
A low-effort threat from a relatively unskilled attacker.
community of practice
A group of people working together on something who assist and
mentor each other.
container
A lightweight, portable unit of software that packages an application
with all its dependencies and runtime environment so that it runs
consistently across different machines.
continuous integration
A system that merges and tests changes automatically as soon as
they become available, typically in a temporary copy of the
project.
contribution pathway
The documented process a newcomer follows to make their first
contribution to a project, from setting up the development environment
through submitting a pull request and getting it reviewed.
DevOps
A set of software development, deployment, and management
practices intended to shorten the development cycle and make it
more reliable.
Digital Object Identifier (DOI)
A multi-part string that uniquely identifies a published document.
FAIR Principles
Guidelines for making data findable, accessible, interoperable, and
reusable.
findability
The degree to which people who could use a project are able to
discover it through search engines, software registries, and other
channels.
GNU Public License (GPL)
An open software license that requires people to share the source
code of changes or extensions they make.
governance
The rules and processes by which a project makes decisions, including
who has authority over what and how those decisions are recorded and
communicated.
hero project
A project in which one person or a small number of people are
responsible for almost all interactions.
insider threat
A threat in which the attacker already has access to privileged
information or critical systems because of their job or other
role.
intimate threat
A threat in which the attacker has access to privileged
information or critical systems because of their personal
relationship with the target.
legitimate peripheral participation
Doing small tasks that a community of practice regards as valuable
in order to gradually become a member of that community.
lottery factor
A measure of project fragility: how many people would need to be
unexpectedly unavailable before the project could not function.
A lottery factor of one means the project is one departure or illness
away from a crisis.
Martha's Rules
A simple set of rules for making decisions in small groups.
MIT License
An open software license that requires people to acknowledge the
source of the software, but does not require derived work to be
open.
motivated reasoning
The tendency to evaluate arguments more critically when they lead
to conclusions we dislike than when they support conclusions we
already hold, producing systematically biased judgments while
feeling like rigorous thinking.
passphrase
A password made up of several words. Passphrases are usually more
secure than human-generated passwords.
password manager
A program that manages passwords used by multiple sites or
applications.
persona
A brief description of a fictional character that captures key
features of a project's intended audience.
phishing
An attack in which someone pretends to represent a legitimate
organization, e.g., by sending an email that appears to come from
an actual bank or university.
pinned dependencies
Dependencies whose exact version numbers are specified in a
requirements or lock file so that the same software versions are
installed every time the project is set up.
power mapping
The process of figuring out who actually has the power to change
something.
Principle of Least Privilege
Restricting access rights for people and programs to the absolute
minimum required to perform a task.
product manager
The person responsible for defining what features a product should
have.
project manager
The person responsible for ensuring that a project moves forward.
refactoring
Reorganizing software without changing its behavior.
reproducibility
The ability to re-run a computation and get the same result, which
typically requires pinned dependencies, a clean environment, and
a documented sequence of steps starting from raw data.
Robert's Rules
A set of rules for managing large meetings and organizations.
sandbagging
Presenting a proposal to people without giving them enough time
to think it through, making it easier to push past objections that
would arise with more careful consideration.
secret rotation
The practice of replacing compromised or potentially exposed
credentials with new ones, rather than simply deleting the old ones,
since deleted secrets may still exist in logs, history, or caches.
security fatigue
A reluctance to deal effectively with security threats caused by
long periods of heightened vigilance.
security theater
Doing things that give the impression they are making a system
more secure but which don't actually have any impact.
seed
A value used to (re-)start a pseudorandom number generator (PRNG).
A PRNG will generate exactly the same sequence of values when
given the seed again.
selectorate
In selectorate theory, the full set of people whose nominal
support a leader needs to stay in power, most of whom are
interchangeable and receive few direct benefits compared to the
winning coalition.
selectorate theory
A framework for understanding political and organizational
behavior based on the observation that leaders distribute benefits
to the minimum coalition necessary to maintain power.
semantic versioning
A standard for identifying software releases. In the version
identifier major.minor.patch, major changes when a new version
of software is incompatible with old versions, minor changes
when new features are added to an existing version, and patch
changes when small bugs are fixed.
sense vote
A preliminary vote used to determine whether further discussion is
needed in a meeting.
social legibility
The ability to display tastes, manners, and cultural references
that signal membership in networks that gatekeepers recognize and
reward, which often functions as an informal filter in hiring and
selection processes.
succession plan
A document describing how responsibilities will be transferred when
a key team member leaves, specifying who takes over what, in what
order, and how to verify the handoff worked.
sustainability
The ability of a project to continue operating when key contributors
are unavailable or leave, typically measured by whether more than one
person can perform each critical function.
test coverage
The proportion of a program's code that is executed when its test
suite runs, often used as a rough proxy for how thoroughly the tests
check the software's behavior.
test-driven development (TDD)
A programming practice in which tests are written before a new
feature is added or a bug is fixed in order to clarify the goal.
testability
The degree to which a software system supports automated testing,
including whether functions can be called in isolation and whether
side effects can be verified.
two-factor authentication
A means of proving identity (e.g., to log into a computer) using
something the person has and something they know.
unit test
A test that exercises one function or feature of a piece of
software and produces pass, fail, or error.
virtual environment
An isolated directory containing a specific Python installation and
set of packages, which prevents conflicts between the requirements
of different projects on the same machine.
winning coalition
In selectorate theory, the subset of supporters whose backing a
leader actually requires to stay in power, who receive direct
benefits in exchange for their loyalty.
workplace politics
The process by which disagreements about goals, priorities, and
resources get resolved in organizations through decisions that
favor some people's views and interests over others.