Defined term

Vulnerability

Cybersecurity

Definition

Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.

Alternative Definitions

Definition 2

Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source.

Source: Committee on National Security Systems Glossary CNSSI 4009-2015
Type: standard

Definition 3

A loophole or bug in hardware or software through which attackers can access a system.

Source: Information Assurance Situation in Switzerland and Internationally
Type: external

Definition 4

A weakness in a system, application, or network that is subject to exploitation or misuse. SOURCE: SP 800-61

Source: The Cyber Glossary
Type: external

Definition 5

An exploitable flaw that can undermine a system’s security. (This term is often used to describe the overall strategic perception of susceptibility to a given threat actor. It should only be used to describe a cyber-system issue.)

Zero Day (noun) or Zero-Day (modifier): A cyber capability that relies on a vulnerability in the design or implementation of a system and can be used to violate its security. Neither the system designers, cyber security community, or general public are aware of the vulnerability.

Source: ODNI Cyber Threats to Elections Lexicon
Type: external

Definition 6

A defect in a computer system (software or hardware) that weakens the security guarantees about that computer system. A Vulnerability does not necessarily provide an attacker a way of controlling the system or seeing what it is doing, but it leaves open “vectors of attack” through which flaws might potentially be exploited. Finding vulnerabilities in both software and hardware is common.

Source: Open Source Voting in San Francisco
Type: external

Sources

1. The State and Local Election Cybersecurity Playbook
2. Committee on National Security Systems Glossary CNSSI 4009-2015
3. Information Assurance Situation in Switzerland and Internationally
4. The Cyber Glossary
5. ODNI Cyber Threats to Elections Lexicon
6. Open Source Voting in San Francisco
