Security Lingo Explained: BCP

Khalid Abuhakmeh

The security space can be a strange and confusing place for newcomers. In this series of posts, we aim to shed light on the security lingo you may encounter when reading the latest security specifications and scanning your favorite Duende documentation. By the end of this post, you’ll have added one more security phrase to your growing lexicon of security jargon with which to impress your fellow security professionals.

Today’s security lingo is BCP, so let’s discuss what the acronym stands for and where you can see and hear it used.

What is BCP?

If you grew up as a fan of late 80s cinema, you may think BCP is a corrupt megacorporation at the center of the RoboCop franchise. In this case, you would be mistaken; that’s OCP or Omni Consumer Products. Unlike RoboCop, you don’t have to be part man and part machine to understand what BCP means.

In the field of security research, BCP stands for “Best Current Practices”. Security professionals use it, in both writing and speech, to introduce what is currently considered the best practice for a given problem.

Explained differently: a BCP is what the current knowledge and insights in the security world prescribe as the best solution to a given problem. For example, when it comes to the BCP for securing your modern applications, the protocols to consider are OpenID Connect and OAuth 2.0. If you’re building single-page applications, the BCP is currently Backend for Frontend. And it’s always the BCP to implement and follow specifications set by the Internet Engineering Task Force and stay spec-compliant, as we do here at Duende.

It’s essential to note that current best practices can change over time as circumstances change. When folks use the phrase BCP, be mindful that the “current” part only makes sense with a date and time attached to it. Therefore, while something may have been previously referred to as a BCP, it’s always advisable to consult the current literature and seek the guidance of a security expert.

That’s it, and now you know. Next time you’re at a gathering of security-minded folks, you’ll understand what others mean when they drop the BCP acronym into conversation and feel more comfortable responding.

