Software & AI Development Glossary

Jump to a category

Engineering & Delivery AI & Machine Learning VoIP & Telecom Cloud & DevOps Data & Analytics Compliance & Security Commercials & Engagement

Engineering & Delivery

Day-to-day terms you will see in standups, PRs, and SOWs.

MVP Minimum Viable Product: The smallest version of a product that delivers a learning. The goal is not minimal, it is enough to validate or invalidate a hypothesis. See our MVP development service.
Trunk-Based Development: A branching strategy where every engineer integrates work into one long-lived branch (main) at least once a day. Feature branches live less than 48 hours. Reduces merge pain and drift.
Definition of Done: A team-agreed checklist a piece of work must satisfy before it is marked complete: tests, docs, security scans, accessibility checks, observability. See our methodology page.
CI/CD Continuous Integration / Delivery: Automation that runs every commit through tests, security scans, and packaging, then promotes good builds to staging and production without human handoff.
Technical Debt: The cost of choosing a faster but worse implementation today, paid back in slower future changes. Manageable; only dangerous when it is invisible. See our blog post.
Feature Flag: A runtime switch that lets a feature be merged into main without being visible to users. Enables daily merges without daily releases.
Code Review: The practice of having every change inspected by a second engineer before merging. We pair it with an AI reviewer agent. See our methodology.

AI & Machine Learning

Terms you will see whenever an LLM, agent, or model is involved.

LLM Large Language Model: A neural network trained on huge text corpora that predicts the next token. Claude, GPT-4o, Gemini, and Llama 3 are LLMs. Useful when generation, classification, or extraction is needed at scale.
RAG Retrieval-Augmented Generation: An LLM pattern that retrieves relevant documents from a vector store and inserts them into the prompt at query time. Reduces hallucinations and grounds answers in source material. See RAG vs Fine-tuning.
Fine-tuning: Continued training of a pre-trained model on a smaller, task-specific dataset. Useful when style, format, or domain-specific behaviour matters more than raw knowledge.
Embedding: A high-dimensional vector that represents the meaning of a piece of text, image, or audio. Similar items have similar vectors. The basis of vector search.
Vector Database: A database optimised for nearest-neighbour search over embeddings. pgvector, Pinecone, Weaviate, Qdrant, Milvus are common choices.
Agent / Agentic AI: An LLM-powered system that can plan, call tools, and iterate on its own work. Different from a single-shot chat. Examples: Claude Code, Cursor agents, browser-use.
MLOps: The discipline of running machine learning models reliably in production: versioning, monitoring, drift detection, retraining triggers, rollback. The DevOps of ML.
Hallucination: When an LLM generates plausible but incorrect output. Mitigated with RAG, citations, smaller scopes, and human review on high-stakes decisions.
Token: A unit of text an LLM processes (roughly 0.75 words). Models have token limits per prompt and per response. Costs are usually billed per million tokens.

VoIP & Telecom

The vocabulary of softswitches, SIP, and contact centres.

SIP Session Initiation Protocol: The signalling protocol used to start, manage, and end voice or video calls over IP. Think "HTTP for phone calls".
RTP Real-time Transport Protocol: The media protocol that carries the actual audio/video packets once SIP has set up the call.
FreeSWITCH: An open-source softswitch used to build voice applications, contact centres, and PBXs. Strong in mixed-media and custom IVRs. See our FreeSWITCH developer page.
Asterisk: An older open-source PBX framework that powers FreePBX and many on-prem call systems. See our Asterisk developer page.
Kamailio / OpenSIPS: High-performance open-source SIP servers used as proxies, registrars, or load balancers in front of softswitches. See Kamailio / OpenSIPS.
SBC Session Border Controller: A specialised SIP proxy that sits at the edge of a VoIP network providing security, NAT traversal, and protocol translation.
WebRTC: A browser-native standard for real-time audio, video, and data. The basis of in-browser calling, video conferencing, and live-streaming. See our WebRTC developer page.
SIPp: An open-source load-testing tool for SIP. We use it to validate FreeSWITCH and OpenSIPS deployments under load.

Cloud & DevOps

Infrastructure, deployment, and reliability terms.

IaC Infrastructure as Code: Defining cloud resources in version-controlled code (Terraform, Pulumi, CloudFormation) so infrastructure is repeatable, reviewable, and auditable.
Kubernetes / K8s: An open-source container orchestrator that schedules, scales, and heals containerised workloads. Standard for cloud-native deployments.
Microservices: An architecture style where the system is split into independently deployable services. Trade-off: more flexibility, more operational overhead.
SRE Site Reliability Engineering: The practice of running production systems using software engineering tools and discipline. Owns error budgets, SLOs, and on-call.
Observability: The ability to understand what a system is doing from its outputs: logs, metrics, traces. Different from monitoring, which only catches what you predicted.
Blue/Green Deployment: A deployment pattern where a new version is deployed alongside the old, traffic is switched over once verified, and the old version is kept as instant rollback.
Canary Release: Releasing a new version to a small percentage of users first, watching for regressions, then ramping the percentage up. Reduces blast radius.

Data & Analytics

From pipelines and warehouses to causal inference.

ETL / ELT: "Extract, Transform, Load" vs "Extract, Load, Transform" — two patterns for moving data into a warehouse. Modern warehouses (Snowflake, BigQuery) favour ELT.
Data Warehouse vs Data Lake vs Lakehouse: Warehouse = structured analytical store (Snowflake, BigQuery). Lake = raw storage of any format (S3, GCS). Lakehouse = the two patterns combined (Databricks, Iceberg).
dbt: A tool that lets analytics engineers transform data in the warehouse using SQL + version control + tests. The Git workflow for analytics.
A/B Test: An experiment that randomly assigns users to two variants to measure causal effect of a change. Done right, it answers "did this work?" with statistical rigour.
Cohort Analysis: Grouping users by a shared characteristic (signup month, plan, geography) to compare behaviour over time.

Compliance & Security

Frameworks and acronyms you will see in security questionnaires.

SOC 2: A US compliance framework for service organisations covering security, availability, processing integrity, confidentiality, and privacy. Type 1 = controls exist; Type 2 = controls have operated effectively over a period. See our compliance page.
HIPAA: US healthcare privacy and security law. Requires technical, administrative, and physical safeguards over Protected Health Information (PHI).
GDPR: EU/UK data protection regulation. Requires lawful basis for processing, data subject rights, breach notification within 72 hours, and DPAs with sub-processors. See our DPA.
PCI DSS: Payment Card Industry Data Security Standard. Required for any system that stores, processes, or transmits card data. Scope-reduction (tokenisation) is the cheapest path to compliance.
ISO 27001: An international standard for information security management systems (ISMS). Audited annually, recertified every 3 years.
Pen Test Penetration Test: An authorised simulated attack on a system to find exploitable weaknesses. Annual is standard for SaaS; quarterly for regulated workloads.
SAST / DAST / SCA: Static, dynamic, and software-composition analysis — three classes of automated security scans. We run all three in CI (Semgrep, OWASP ZAP, Snyk).

Commercials & Engagement

The contractual and pricing vocabulary of vendor engagements.

NDA Non-Disclosure Agreement: A bilateral or unilateral contract preventing one or both parties from disclosing confidential information. Standard before any commercial-in-confidence call.
MSA Master Services Agreement: The umbrella commercial contract between a buyer and a vendor. Defines payment terms, IP, liability, and the rules for any future Statement of Work. See our sample MSA.
SOW Statement of Work: A per-project schedule signed under an MSA. Defines scope, deliverables, milestones, fees, and assumptions. Where the work actually lives.
DPA Data Processing Addendum: An addendum required under GDPR/UK GDPR when one party processes personal data on behalf of another. See our DPA template.
Fixed Price vs Time & Materials: Two pricing models. Fixed = vendor takes the scope risk for a fixed fee. T&M = buyer pays for hours worked at agreed rates. See our blog post.
Retainer: A recurring fee that buys a guaranteed pool of senior engineering hours per month. Useful when scope shifts week to week.
RFP Request for Proposal: A buyer's formal request for vendor responses to a defined need. We publish a free RFP template.
SLA Service Level Agreement: A commitment to specific performance targets (response time, uptime, resolution time) with consequences for missing them. See our SLA page.