Hockey wrote:Weird how some acronyms get pronounced and others not...
CMS I pronounce as a acronym...CAPTCHA I pronounce as a word. ASP, PHP, HTML are other examples which do not get pronounced...yet SQL is usually sequel
I was listening to a recording of a security presentation by Chris Shiflett, and I got very worried when he started talking about seasurf attacks, which I'd never heard of, and then as I continued listening I started thinking that these seasurf attacks were very similar to CSRF attacks, and it took me a few more minutes for it even to occur to me that they were the same thing.
As far as I know, there's no standards committee for pronunciation, so it's a matter of usage within a community. I've never heard a Microsoft person pronounce SQL Server as anything other than Sequel Server, and I've never heard a Mysql person say anything other than My S.Q.L. But there are a lot of technical terms I've never actually heard pronounced - I don't speak to security experts, I only read their blogs, so I don't know if CSRF is spelt out or pronounced "seasurf", in the same way as I don't know if the word "hegemony" has a hard or a soft "g".
Sometimes, spelling it out isn't wrong, but it's also not wrong to acronymize it for brevity. If you're Chris Shiflett, and you have to say "CSRF" a hundred times a day, you save a lot of time by cutting it down from four syllables to two. I was working for a phone company where we didn't talk about somebody's phone number, we talked about their MSISDN, and since it can get very tiring for such a frequently used concept to have six syllables, so a lot of people pronounced it "mizdun".