Startup Founder Glossary

Industry-standard list of the most critical web application security risks, updated every few years.

Feature priority bands — P0 blocks launch, P1 launches with, P2 is post-launch.

Latency value below which 95% of requests complete — better tail-behaviour signal than average response time.

Marketing channels that require dollar spend (ads) versus organic channels (SEO, community, referrals).

Qualifier that distinguishes 'hair-on-fire' pain from 'annoying but manageable' across user segments.

Coordinated effort to integrate with or co-market alongside adjacent businesses that share your ICP.

Customer pays a fixed price per user — scales naturally with team adoption inside an account.

Targeted work on slow queries, hot endpoints, and memory hotspots based on profiling data, not guesses.

Structured course-correction that changes product, audience, or business model based on validation learning.

Growth motion where the product itself acquires, converts, and expands customers with minimal sales touch.

The moment a product satisfies strong demand — usage compounds without paid acquisition and churn drops.

Client repeatedly asks the server for fresh data on a fixed interval — simpler than WebSockets, less timely.

One sentence that locks down audience, category, key benefit, and unique differentiator versus alternatives.

Open-source relational database known for ACID compliance, JSON support, extensions, and operational maturity.

Document that defines what to build for the first release, including features, requirements, and success metrics.

Earliest priced or convertible round, usually pre-revenue and pre-product-market-fit.

Targeted email pitch to journalists who cover the relevant beat — measured in mentions, not blast volume.

Top 5-10 high-intent search terms the site explicitly targets through content, titles, and on-page signals.

Top 3-5 metrics that determine whether the product is succeeding at its mission this quarter.

The single buyer archetype the product targets first — defines roadmap, copy, and pricing priorities.

Type-safe database client for Node.js with schema migrations, query builder, and excellent TypeScript inference.

Process of confirming a problem is real, acute, and felt by enough people to justify building.

Coordinated Tuesday launch on producthunt.com to capture maker-community attention and early signups.

The live system that real customers use — protected by stricter access, monitoring, and change controls.

Cap on requests-per-time-window for a given API key — prevents abuse and protects shared infrastructure.

Async copies of the primary database used to serve read traffic — scales reads without sharding.

In-memory key-value store used for caching, queueing, rate limiting, and pub-sub.

Structured incentive where existing customers get rewards for bringing in new paying customers.

Architectural style for HTTP-based APIs that maps resources to URLs and uses standard verbs (GET, POST, PUT, DELETE).

Sprint-end discussion of what worked, what didn't, what changes for next sprint — the engine of team improvement.

Severity of consequences if the risk fires — usually rated in business terms (revenue loss, timeline slip).

Probability that a risk materializes — usually scored Low / Medium / High or on a 1-5 scale.

Structured table of known risks with likelihood, impact, and mitigation strategy — reviewed at every checkpoint.

Combined likelihood × impact score that ranks which risks deserve mitigation effort first.

Step-by-step operational guide for handling common production events — failed deploys, dead workers, data loss.

Number of months before the company runs out of cash at the current net burn rate.

GTM motion where a sales team drives every meaningful expansion — typical of enterprise contracts.

The slice of TAM your product can realistically serve given geography, language, and product fit.

Isolated test environment with synthetic data that lets developers exercise the API safely.

Automated source-code analysis that finds security vulnerabilities without running the application.

Mid-tier plan with higher quotas and elevated support, targeting growing customers ready to commit annually.

Versioned change to database structure (new tables, columns, indexes) applied through a controlled pipeline.

Gradual expansion of project requirements beyond the original scope — kills timelines without anyone noticing.

Pre-built client library that handles auth, retries, types, and error mapping so customers integrate faster.

Supporting metrics that diagnose WHY primary KPIs are moving — early warnings and root-cause leads.

Adjacent buyer archetype with overlapping needs — addressed once primary has product-market fit.

Storing API keys, DB passwords, and credentials in a vault — never in code or .env files committed to git.

Early-stage round to validate product-market fit and build the first revenue traction.

NLP technique that converts unstructured user text into a positive/neutral/negative score.

Plan for ranking on search engines through content, on-page optimisation, technical infrastructure, and links.