Security Lingo Explained: BCP

Khalid Abuhakmeh

The security space can be a strange and confusing place for newcomers. In this series of posts, we aim to shed light on the security lingo you may encounter when reading the latest security specifications and scanning your favorite Duende documentation. By the end of this post, you’ll have added one more security phrase to your growing lexicon of security jargon with which to impress your fellow security professionals.

Today’s security lingo is BCP, so let’s discuss what the acronym stands for and where you can see and hear it used.

What is BCP?

If you grew up as a fan of late 80s cinema, you may think BCP is a corrupt megacorporation at the center of the RoboCop franchise. In this case, you would be mistaken; that’s OCP or Omni Consumer Products. Unlike RoboCop, you don’t have to be part man and part machine to understand what BCP means.

In the field of security research, BCP stands for “Best Current Practices” and is typically used by security professionals in both written and spoken forms as a precursor to explaining the best current practice.

Explained differently: a BCP is what the current knowledge and insights in the security world prescribe as the best solution to a given problem. For example, when it comes to the BCP for securing your modern applications, the protocols to consider are OpenID Connect and OAuth 2.0. If you’re building single-page applications, the BCP is currently Backend for Frontend. And it’s always the BCP to implement and follow specifications set by the Internet Engineering Task Force and stay spec-compliant, as we do here at Duende.

It’s essential to note that current best practices can change over time due to circumstances. When folks use the phrase BCP, be mindful of whether they have a date and time to contextualize the “current” part of the phrase. Therefore, while something may have been previously referred to as a BCP, it’s always advisable to consult the current literature and seek the guidance of a security expert.

That’s it, and now you know. Next time you’re at a gathering of security-minded folks, you’ll understand what others mean when they drop the BCP acronym into conversation and feel more comfortable responding.

We hope you found this post enlightening. If there’s other security lingo you’re unsure about, please let us know in the comments, and we’ll be happy to explain.