Glossary V

HashiCorp Vault is an open-source secrets management platform that provides secure storage, dynamic secret generation, data encryption, and identity-based access control for sensitive values. Vault's dynamic secrets feature generates short-lived, on-demand credentials for databases, cloud providers, and SSH, eliminating long-lived static credentials. Its auth methods support Kubernetes service accounts, cloud IAM, LDAP, and OIDC, making it a central secrets management hub in multi-cloud and hybrid environments.

A vector database stores high-dimensional embedding vectors and supports efficient approximate nearest neighbor (ANN) search to find the most semantically similar vectors to a query. Purpose-built vector databases (Pinecone, Weaviate, Qdrant, Chroma) and vector extensions for traditional databases (pgvector) underpin RAG systems. ANN algorithms like HNSW and IVF-PQ enable sub-millisecond search over millions of vectors.

Vendor lock-in occurs when an organization becomes excessively dependent on a single vendor's proprietary tools, APIs, or services, making migration prohibitively expensive or disruptive. In cloud and DevOps contexts, lock-in risks are mitigated by adopting open standards (OCI, CNCF projects), abstracting vendor-specific APIs behind interfaces, and favoring portable tools like Terraform over cloud-native equivalents.

Version pinning locks dependencies, base images, and tooling to specific versions rather than allowing floating ranges. Pinning ensures reproducible builds — the same code produces the same artifact every time — and prevents unexpected breakage from upstream updates. Dependency update tools like Dependabot and Renovate automate the review and merge of pinned dependency updates.

VEX is a security advisory format that allows software suppliers to communicate whether their products are affected by a given CVE, even if a vulnerable component is present in the SBOM. A VEX statement can assert that a component is not exploitable due to compensating controls, code path analysis, or platform conditions. VEX reduces alert fatigue from transitive dependency vulnerabilities.

vLLM is an open-source high-throughput LLM serving engine that uses PagedAttention to manage KV cache memory in non-contiguous pages, similar to virtual memory in operating systems. This eliminates KV cache fragmentation, dramatically increasing GPU utilization and throughput for concurrent requests. vLLM supports continuous batching, tensor parallelism, and dozens of open-source model architectures.

A language model's vocabulary is the fixed set of tokens it can represent, determined by the tokenizer used during training. Vocabularies for modern LLMs typically range from 32,000 (LLaMA) to 200,000+ (GPT-4) tokens. A larger vocabulary reduces the number of tokens needed to represent text (lower sequence lengths) but increases the size of the embedding and output projection layers.

The Vertical Pod Autoscaler automatically adjusts CPU and memory resource requests for Kubernetes pods based on historical usage patterns. VPA recommends or automatically applies right-sized resource requests, preventing over-provisioning (wasted cost) and under-provisioning (OOMKilled pods). VPA operates in Off, Initial, and Auto modes and complements HPA for comprehensive resource optimization.

A VPC is an isolated virtual network in a cloud provider where you launch resources with defined IP address ranges, subnets, routing tables, and network gateways. VPCs provide network-level isolation between environments (dev, staging, prod) and customers (in multi-tenant architectures). Security groups and network ACLs control inbound and outbound traffic within a VPC.

VPC Flow Logs capture metadata about IP traffic flowing through network interfaces in an AWS VPC, Azure VNet, or GCP VPC, recording source and destination IPs, ports, protocol, bytes transferred, and accept/reject decisions. Security teams analyze flow logs to detect unusual traffic patterns, identify lateral movement between subnets, and investigate data exfiltration. Flow logs are a critical data source for network-based threat detection and are often streamed to SIEM platforms for correlation with other log sources.

VPC peering is a networking connection between two Virtual Private Clouds that enables instances in either VPC to communicate using private IP addresses as if they were in the same network. Security considerations include that peered VPCs share network access but not security groups — separate security group rules and NACLs must be configured in each VPC. VPC peering does not support transitive routing, limiting blast radius but also requiring explicit peering for every VPC pair that needs communication.

A VPN creates an encrypted tunnel between a client and a server, enabling secure remote access to private networks and masking traffic from network observers. Enterprise VPNs grant users access to entire network segments, which is a security concern compared to ZTNA's application-specific access. VPN concentrators are a high-value attack target because they expose the network perimeter to the internet.

Vulnerability management is the continuous process of identifying, classifying, prioritizing, remediating, and verifying security vulnerabilities across an organization's systems and software. It encompasses scanning infrastructure and applications, correlating findings with threat intelligence (EPSS, KEV), tracking remediation through SLA targets, and reporting on security posture trends. Effective vulnerability management programs use risk-based prioritization rather than fixing all vulnerabilities by CVSS score alone.