From Hill2dot0

Hardware, software, or operational deficiency that provides opportunity for a threat. The word vulnerability refers to a weakness in a system allowing an attacker to violate the integrity, confidentiality, access control, availability, consistency or audit mechanisms of the system or the data and applications it hosts.

Vulnerabilities may result from any number of causes, such as a software bug or a design flaw in a system. A vulnerability may exist only in theory, or it may have a known exploit. Vulnerabilities are of particular concern when the program containing the vulnerability runs with special privileges, performs authentication, or provides ready access to user data or facilities (such as a network server or router).

A threat exploits a vulnerability, and the possibility of that happening is the risk. When the risk is realized, damage to an asset results in an exposure. Countermeasures are deployed to mitigate, or minimize, the exposure.

[Figure: Relationship between Risks and Countermeasures]

The challenge lies in minimizing the number of vulnerabilities present in a system.

External References

The SANS Institute Top 20 Vulnerabilities for 2006

The Security Focus list of vulnerabilities