vulnerability

vulnerability : flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy.

We use cookies to understand how this site is used and to improve the site to make use easier. We also share details with Google for analytic purposes. For more information, and to understand the limited use we have for your data, see our privacy page.

If you do not want us to handle your data in this way you can eitherstop using this site or set your browser to request that we do not track you. Continued use of this site without setting do not track explicitly provides your authority to make limited use your data.

Definition

flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy

This is a concrete item and can be implemented directly

Term: vulnerability;
Plural: vulnerabilities;

Notes

Note 1 to entry: This definition of “vulnerability” differs from the definition of “vulnerability” used in the context of general risk management, where it encompasses the notion of possibility of exposition to a risk.

Examples

Diagrammatic representation

# Copyright Oughtibridge Ltd digraph "vulnerability" { fontname="Cambria" # label="vulnerability" layout="fdp" size="8.8 12" # Keep within 8.8" wide, 12" deep sep=0.3 outputmode=edgefirst remincross=true splines=curved overlap=false node [shape=box style=rounded] # Defines the common node specification # Diagram specific parameters - override any above # Start of the main graph # List of concepts #vulnerability 67 [label="vulnerability" fontname="Cambria" URL="https://81001.org/concept/vulnerability" tooltip="flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy" color="#a7ff00"] #exploit 15 [label="exploit" fontname="Cambria" URL="https://81001.org/concept/exploit" tooltip="defined way to breach the security of information systems through vulnerability" color="#a7ff00"] #threat 62 [label="threat" fontname="Cambria" URL="https://81001.org/concept/threat" tooltip="potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm" color="#a7ff00"] #hazardous situation 19 [label="hazardous situation" fontname="Cambria" URL="https://81001.org/concept/hazardous_situation" tooltip="circumstance in which people, property or the environment is/are exposed to one or more hazards" color="#a7ff00"] #weakness 68 [label="weakness" fontname="Cambria" URL="https://81001.org/concept/weakness" tooltip="kind of deficiency." color="#a7ff00"] #weakness 68 [label="weakness" fontname="Cambria" URL="https://81001.org/concept/weakness" tooltip="kind of deficiency." color="#a7ff00"] #List of generalisations and specialisations #vulnerability IS A weakness 68 -> 67 [arrowtail="onormal" dir="back" color="blue" label="" tooltip="vulnerability is a type of weakness" fontname="Cambria"] # List of associations #0..* exploit take advantage of 1..* vulnerability 15 -> 67 [constraint=false, dir="forward" label="take advantage of" fontname="Cambria"] #0..* threat exploit 0..* vulnerability 62 -> 67 [constraint=false, dir="forward" label="exploit" fontname="Cambria"] #0..* vulnerability lead to 0..* hazardous situation 67 -> 19 [constraint=false, dir="forward" label="lead to" fontname="Cambria"] }

Simple graph - vulnerability

Required associations

a number of exploits take advantage of one or more vulnerabilities

Optional associations

a number of threats exploit a number of vulnerabilities
a number of vulnerabilities lead to a number of hazardous situations

Generalisations

weakness
vulnerability

Specialisations

vulnerability