
What Is A Software Vulnerability?

tl;dr In the broadest sense, a software vulnerability is a flaw that allows the vulnerable system to perform unplanned actions. Examples of the results of these unplanned actions include sensitive information disclosure (example), denial of service (DoS) (example), authentication bypass (example), and, most dangerously, full takeover of a system by a malicious attacker, typically through remote code execution (RCE) (example).

Formal Definitions

According to ENISA (European Union Agency for Network and Information Security) a vulnerability is, "The existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event" (reference).

According to NICCS (National Initiative for Cybersecurity Careers & Studies) a vulnerability is, "Characteristic of location or security posture or of design, security procedures, internal controls, or the implementation of any of these that permit a threat or hazard to occur" (reference).

The definition I use defines a vulnerab…