We use cookies to understand how this site is used and to improve the site to make use easier. We also share details with Google for analytic purposes. For more information, and to understand the limited use we have for your data, see our privacy page.

If you do not want us to handle your data in this way you can eitherstop using this site or set your browser to request that we do not track you. Continued use of this site without setting do not track explicitly provides your authority to make limited use your data.


flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy


This is a concrete item and can be implemented directly

Term: vulnerability; 
Plural: vulnerabilities; 


Note 1 to entry: This definition of “vulnerability” differs from the definition of “vulnerability” used in the context of general risk management, where it encompasses the notion of possibility of exposition to a risk.


Diagrammatic representation

Simple graph - vulnerability

Required associations

a number of exploits take advantage of one or more vulnerabilities

Optional associations

a number of threats exploit a number of vulnerabilities
a number of vulnerabilities lead to a number of hazardous situations