What Is A Software Vulnerability?

tl;dr In the broadest sense, a software vulnerability is a flaw that allows the vulnerable system to perform unplanned actions. Examples of the results of these unplanned actions include sensitive information disclosure (example), denial of service (DoS) (example), authentication bypass (example), and, most dangerously, full takeover of a system (aka RCE) (example) by a malicious attacker.

Formal Definitions

According to ENISA (European Union Agency for Network and Information Security), a vulnerability is "The existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event" (reference).

According to NICCS (National Initiative for Cybersecurity Careers & Studies), a vulnerability is a "Characteristic of location or security posture or of design, security procedures, internal controls, or the implementation of any of these that permit a threat or hazard to occur" (reference).

The definitio