vulnerability [English]


Other Languages

Syndetic Relationships

InterPARES Definition

n. ~ A weakness or flaw that, if exploited, would expose an entity to risk.

Other Definitions

  • Dictionary of Computing 1996 (†517 s.v. "vulnerability"): Any mechanism that could lead to a breach of the security of a system in the presence of a threat. Vulnerabilities may arise unintentionally due to inadequacy of design or incomplete debugging. Alternatively the vulnerability may arise through malicious intent, e.g. the insertion of a Trojan horse.
  • RFC 4949 (†591 s.v. "vulnerability"): (I) A flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy.

Citations

  • CNSS-4009 (†730 p.81): Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source. (†1755)
  • ISACA Glossary (†743 s.v. vulnerability): A weakness in the design, implementation, operation or internal control of a process that could expose the system to adverse threats from threat events. (†1808)
  • NIST 2013 (†734 p. B-26): Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. (†1820)
  • RFC 4949 (†591 s.v. "vulnerability"): Tutorial: A system can have three types of vulnerabilities: (a) vulnerabilities in design or specification; (b) vulnerabilities in implementation; and (c) vulnerabilities in operation and management. Most systems have one or more vulnerabilities, but this does not mean that the systems are too flawed to use. Not every threat results in an attack, and not every attack succeeds. Success depends on the degree of vulnerability, the strength of attacks, and the effectiveness of any countermeasures in use. If the attacks needed to exploit a vulnerability are very difficult to carry out, then the vulnerability may be tolerable. If the perceived benefit to an attacker is small, then even an easily exploited vulnerability may be tolerable. However, if the attacks are well understood and easily made, and if the vulnerable system is employed by a wide range of users, then it is likely that there will be enough motivation for someone to launch an attack. (†1352)