This standard uses the following definitions:
3rd Party Dependency: Here: 3rd party software artifacts used by an application (e.g. libraries, Maven artifacts).
Application: Here: Synonym for -> web application, web service or API.
Change: Change to an application in production.
Confidential Data: Data that consists of confidential information (e.g. trademarks, sensitive business logic, passwords or personal data), is explicitly declared as such, or is only accessible by a restricted number of people.
Confidential Source or Program Code: Source or program code that may contain -> confidential data.
Criticality: Here: Mostly synonym for business criticality.
Dependency Repository: System that manages 3rd party dependencies (e.g. libraries, Maven artifacts). A dependency repository is often part of a general software repository system such as Nexus or Artifactory.
External Web Application: A web-based application that is accessible from outside the organization (e.g. via the Internet).
Internal Source or Program Code: Source or program code which is not confidential and not public (standard).
Internal Web Application: A web-based application that is only accessible from inside the organization (e.g. intranet application).
Service: Here: Synonym for web-based service (e.g. web service or RESTful service, API).
Source Code Repository: System where custom code is stored (e.g. SVN, Git).
Web Application: Here: A software program (UI, service, API or a combination of them) that is accessible via the HTTP(S) protocol and fulfills a particular business case.
Web-based Application: See web application.