Glossary B

B-trees are balanced tree data structures used by most relational databases as the default index structure. They maintain sorted data and support efficient lookups, range queries, inserts, and deletes in O(log n) time. PostgreSQL, MySQL, and SQLite all use B-trees as their primary index type. Understanding B-tree behavior is essential for query optimization and index design.

Bandwidth is the maximum rate of data transfer across a network path, measured in bits per second (Mbps or Gbps). In cloud contexts, bandwidth limits apply to instance network interfaces, VPC peering connections, and internet gateways. Applications that transfer large volumes of data — media, backups, analytics — must budget for bandwidth constraints and associated egress costs.

BASE describes the consistency model of many NoSQL and distributed databases that trade strict ACID guarantees for availability and partition tolerance. Basically Available means the system always responds, Soft State means data may change without input due to eventual consistency propagation, and Eventually Consistent means all replicas will converge to the same state given enough time and no new updates.

Batch inference processes multiple inputs simultaneously through a model rather than handling each request independently. Grouping requests into batches improves GPU utilization and throughput at the cost of increased latency for individual items. Continuous batching, used by systems like vLLM, dynamically fills batches to maximize hardware efficiency for LLM serving.

BDD extends TDD by framing tests in terms of user-facing behavior using a structured natural language (Given/When/Then scenarios). It bridges communication between developers, testers, and business stakeholders by expressing requirements as executable specifications. Tools like Cucumber and Behave parse Gherkin-syntax scenarios and execute them as integration tests.

Beam search is a decoding algorithm that maintains a fixed number (beam width) of the most likely partial sequences at each generation step, expanding and pruning them to find a high-probability complete sequence. It produces more coherent outputs than greedy decoding but is slower and can generate repetitive or generic text at high beam widths.

BERT is a transformer-based language model pre-trained with masked language modeling (predicting hidden tokens using both left and right context). Unlike autoregressive GPT models, BERT's bidirectional encoder produces rich contextual embeddings suitable for classification, question answering, and named entity recognition. BERT and its variants (RoBERTa, DeBERTa) remain widely used for NLP tasks requiring deep text understanding.

BF16 is a 16-bit floating-point format with the same exponent range as 32-bit float but reduced mantissa precision, making it well-suited for deep learning training. It avoids the numerical overflow issues common with FP16 while halving memory usage compared to FP32. BF16 is natively supported on Google TPUs and modern NVIDIA GPUs (Ampere and later).

The BFF pattern creates a dedicated backend service for each frontend application (web, iOS, Android) that aggregates and shapes data from downstream microservices. Rather than having a general-purpose API, each client gets an API optimized for its specific needs. BFF reduces over-fetching, simplifies client code, and allows frontend teams to own their API contract without negotiating with shared platform teams.

Blameless culture is an organizational practice in which incidents and failures are treated as learning opportunities rather than occasions to assign individual fault. Post-incident reviews focus on system and process improvements that prevent recurrence. Pioneered by Google SRE, blameless culture encourages psychological safety and honest incident reporting.

BLEU is an automatic metric for evaluating machine-generated text quality by measuring n-gram overlap with human reference translations. It was originally designed for machine translation and ranges from 0 to 1, with higher scores indicating closer match to reference text. BLEU is widely criticized for correlating poorly with human judgment on open-ended generation tasks.

Block storage presents raw storage volumes to compute instances as if they were physical disks, enabling the OS to format and manage them directly. It offers the lowest latency and highest IOPS of the storage types, making it suitable for databases and transactional workloads. AWS EBS, Azure Managed Disks, and GCP Persistent Disk are the primary cloud block storage services.

Blue-green deployment maintains two identical production environments (blue = current, green = new). Traffic is switched from blue to green atomically when the new version is ready, and blue is kept as an instant rollback target. Unlike canary deployments, blue-green switches all traffic at once, eliminating the mixed-version state. It requires double the infrastructure during the transition period.

Blue-green deployment maintains two identical production environments (blue and green) where only one serves live traffic at a time. New releases are deployed to the idle environment, validated, and then traffic is switched atomically. If problems occur, instant rollback is achieved by switching traffic back. This strategy eliminates deployment downtime and provides a fast rollback path.

Bot management distinguishes between legitimate bots (search crawlers, monitoring agents) and malicious ones (credential stuffers, scrapers, DDoS bots) to selectively block harmful automated traffic. Advanced bot management uses fingerprinting, behavioral analysis, and challenge-response mechanisms to identify bots that evade simple rate limiting or IP blocking. Cloud-native bot management services integrate with CDNs and API gateways to protect at the edge.

BPE is a tokenization algorithm that iteratively merges the most frequent pair of bytes or characters in a training corpus, building a vocabulary of subword units. It balances vocabulary size against the ability to represent rare words as sequences of subword tokens. BPE is used by GPT models; SentencePiece offers a similar approach with language-agnostic segmentation.

Branch protection rules prevent direct pushes to important branches (like main or release) and require pull requests, passing CI checks, and code reviews before merging. Most Git hosting platforms (GitHub, GitLab, Bitbucket) support branch protection policies that enforce workflows and maintain code quality gates. They are a key control in trunk-based development.

Broken access control is the top OWASP vulnerability category, covering failures that allow users to act outside their intended permissions. Vulnerabilities include insecure direct object references (accessing other users' resources by manipulating IDs), missing function-level access checks, privilege escalation, and CORS misconfigurations. Consistent server-side access control enforcement on every request is the primary defense.

An IDOR vulnerability occurs when an application uses user-controllable input (like an ID in a URL) to directly access objects without verifying the requesting user has permission to access that specific object. Attackers enumerate or guess IDs to access other users' records, documents, or account data. Prevention requires server-side authorization checks on every access, verifying that the authenticated user owns or has permission for the specific resource requested.

Broken authentication encompasses implementation flaws in authentication and session management that allow attackers to compromise passwords, keys, or session tokens. Common issues include weak password policies, missing brute force protections, insecure session fixation, and improper credential storage. OWASP recommends multi-factor authentication, secure session management, and credential breach detection as primary controls.

BSIMM is a data-driven framework that measures the maturity of software security initiatives by observing real-world practices across participating organizations. It catalogs 121 activities across 12 practices organized into four domains: Governance, Intelligence, SSDLC, and Deployment. Organizations use BSIMM to benchmark themselves against industry peers and identify gaps in their security program.

A buffer overflow occurs when a program writes more data to a memory buffer than it can hold, overwriting adjacent memory. Attackers exploit this to overwrite return addresses, inject shellcode, or corrupt application state, potentially achieving arbitrary code execution. Memory-safe languages like Rust and Go eliminate most buffer overflow classes by design, while C/C++ code requires careful bounds checking.

A bug bounty program incentivizes external security researchers to find and responsibly disclose vulnerabilities in exchange for monetary rewards or recognition. Programs define scope (which systems are in-bounds), reward tiers by severity, and disclosure timelines. Bug bounties complement internal security testing by tapping a global pool of diverse researchers.

A build artifact is the output of a build pipeline — such as a compiled binary, JAR file, Docker image, or npm package — that is stored and used in subsequent pipeline stages or deployments. Artifacts are versioned, immutable outputs that ensure the exact same binary is tested and deployed. Artifact storage in registries or object storage enables traceability across environments.

Build caching stores the results of expensive build steps so they can be reused when inputs haven't changed. In CI/CD pipelines, caching dependencies, compiled outputs, and Docker layers can reduce build times by 50–90%. Effective cache invalidation strategies ensure stale caches don't mask bugs while maximizing reuse.

Buildah is an open-source tool for building OCI-compliant container images without requiring a Docker daemon or root privileges. It supports building images from Dockerfiles or using native Buildah commands for fine-grained layer control. Buildah is commonly used in rootless CI/CD environments and integrates naturally with Podman and Skopeo in the container toolchain.

A bundler takes module-based JavaScript source code and combines it with its dependencies into one or more optimized output files for browser delivery. Modern bundlers like Vite, esbuild, Rollup, and webpack handle tree-shaking (dead code elimination), code splitting, and asset optimization. Bundler performance is a key factor in developer experience — fast bundlers like esbuild enable near-instant hot reload.

Burp Suite is an integrated platform for web application security testing developed by PortSwigger. It functions as an intercepting proxy allowing testers to inspect and modify HTTP/S traffic between browser and server. Burp Suite's professional edition includes an automated scanner, intruder for fuzzing, and extensions marketplace, making it the de facto standard tool for web application penetration testing.