Hardware, software, or operational deficiency that provides opportunity for a threat. The word vulnerability refers to a weakness in a system allowing an attacker to violate the integrity, confidentiality, access control, availability, consistency or audit mechanisms of the system or the data and applications it hosts.
Vulnerabilities may result from any number of situations such as a software bug or design flaws in a system. A vulnerability can exist either only in theory, or could have a known exploit. Vulnerabilities are of significant interest when a program containing the vulnerability operates with special privileges, performs authentication or provides easy access to user data or facilities (such as a network server or router).
The challenge is in minimizing the number of vulnerabilities.