Reflection is the ability to examine, understand, and modify the internal structure of an object by reading and writing its metadata at runtime. Most statically typed languages have a built-in reflection capability, most likely through the use of a library. Because reflection happens at runtime, there is no compile-time type checking for reflection-based code, which can lead to unpredictable behavior and bugs. Reflection also has a performance impact, as manipulating objects in memory this way requires a lot of runtime processing.
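The missing compile-time check, shown as an added example in Go (not part of the original page): a reflection-based setter has to perform by hand the field-name, settability, and type checks the compiler would otherwise do, or it panics at runtime. The `Account` type and `setField` helper are hypothetical names chosen for illustration.

```go
package main

import (
	"fmt"
	"reflect"
)

// Account is a hypothetical type used only for this illustration.
type Account struct {
	Name    string
	Balance int
	secret  string // unexported: reflection can read it but not set it
}

// setField assigns value to the named field of the struct that target points to.
// The compiler cannot check the field name or the value type here, so every
// check static typing would normally perform is done explicitly at runtime.
func setField(target any, name string, value any) error {
	v := reflect.ValueOf(target)
	if v.Kind() != reflect.Ptr || v.IsNil() || v.Elem().Kind() != reflect.Struct {
		return fmt.Errorf("target must be a non-nil pointer to a struct")
	}
	f := v.Elem().FieldByName(name)
	if !f.IsValid() {
		return fmt.Errorf("no field %q", name)
	}
	if !f.CanSet() {
		return fmt.Errorf("field %q is not settable", name)
	}
	val := reflect.ValueOf(value)
	if !val.IsValid() || !val.Type().AssignableTo(f.Type()) {
		return fmt.Errorf("cannot assign %T to field %q of type %s", value, name, f.Type())
	}
	f.Set(val) // would panic without the checks above
	return nil
}

func main() {
	a := &Account{Name: "alice"}
	fmt.Println(setField(a, "Balance", 100))   // valid assignment
	fmt.Println(setField(a, "Balance", "100")) // wrong type, found only at runtime
	fmt.Println(setField(a, "Balanse", 100))   // misspelled field name
	fmt.Println(setField(a, "secret", "x"))    // unexported field
	fmt.Println(a.Balance)
}
```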


Remediation is the process of fixing a vulnerability through a patch, configuration change, or other means. In application security this generally involves a code change to fix a vulnerability.


Risk, the most common term in cybersecurity, is the measure of potential for loss due to a vulnerability. Risk is often expressed as the probability of a vulnerability being exploited multiplied by the impact of the exploit. Due to the unpredictable nature of software, and computing in general, it is impossible to accurately calculate the probability of a vulnerability being discovered and exploited in the wild. Risk is the nearest proxy we can use to measure the potential for loss.

Side Effects in Software

Side effects are generally unintended consequences of a function or program. These unintended consequences can be good or bad. In general, side effects are considered bad because they can make it difficult to reason about the behavior of a program and can lead to inconsistent behavior.
