The following material is under construction, and immature.
What is a Vulnerability?
There are many definitions of vulnerability out there in both academic and industry world. Here are some of them:
A vulnerability is
- "An error or weakness in design, implementation, or operation"
- "A specific flaw or oversight in a piece of software (or program) that allows attackers to do something malicious, expose or alter sensitive information"
- "A weakness in a system that can be exploited to violate the system's intended behavior. There may be security, integrity, availability, and other vulnerabilities"
- "An internal fault that enables an external fault to harm the system"
- "A flaw or defect in a technology or its deployment that produces an exploitable weakness in a system, resulting in behavior that has security or survivability implications"
- "An instance of [a mistake] in the specification, development, or configuration of software such that its execution can violate the [explicit or implicit] security policy"
In industry, vulnerability is defined as
- Security holes/bugs are faults, defects, or programming errors. These may be exploited by unauthorized users to access computer networks or web servers from the Internet. Secpoint
- A security vulnerability is a flaw in a product that makes it infeasible – even when using the product properly — to prevent an attacker from usurping privileges on the user's system, regulating its operation, compromising data on it, or assuming ungranted trust. Microsoft