15 August 2019

🛡️Information Security: Vulnerability (Definitions)

"In computer security, a weakness which allows an attacker to reduce a system’s information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To be vulnerable, an attacker must have at least one applicable tool or technique that can connect to a system weakness." (Mark S Merkow & Lakshmikanth Raghavan, "Secure and Resilient Software Development", 2010)

"A weakness in a system’s component that could be exploited to allow unauthorized access or cause service disruptions." (Carlos Coronel et al, "Database Systems: Design, Implementation, and Management" 9th Ed., 2011)

"A characteristic that leads to exposure, and that may be exploited by a threat to cause harm. Vulnerabilities are most commonly a result of a software flaw or misconfiguration. See also threat." (Mark Rhodes-Ousley, "Information Security: The Complete Reference, Second Edition" 2nd Ed., 2013)

"a weakness in an information system that gives a threat the opportunity to compromise an asset." (Manish Agrawal, "Information Security and IT Risk Management", 2014)

"A weakness. It can be a weakness in any organizational IT systems, networks, configurations, users, or data. If a threat exploits a vulnerability, it can result in a loss to an organization." (Darril Gibson, "Effective Help Desk Specialist Skills", 2014)

"an error in the specification, development, or configuration of software such that its execution can violate the security policy." (Manish Agrawal, "Information Security and IT Risk Management", 2014)

"The intrinsic properties of something resulting in susceptibility to a risk source that can lead to an event with a consequence" (David Sutton, "Information Risk Management: A practitioner’s guide", 2014)

"Weakness or a lack of a countermeasure." (Adam Gordon, "Official (ISC)2 Guide to the CISSP CBK" 4th Ed., 2015)

"A characteristic or specific weakness that renders an organization or asset (such as information or an information system) open to exploitation by a given threat or susceptible to a given hazard." (Olivera Injac & Ramo Šendelj, "National Security Policy and Strategy and Cyber Security Risks", 2016)

"A flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"The property of a system whereby it is susceptible to a given attack succeeding against that system." (O Sami Saydjari, "Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time", 2018)

"A vulnerability is any weakness in a product, process or system which could potentially be exploited to reduce the security or function of that product, process, or system." (Sandra Blanke et al, "How Can a Cybersecurity Student Become a Cybersecurity Professional and Succeed in a Cybersecurity Career?", 2019)

"the intrinsic properties of something resulting in susceptibility to a risk source that can lead to an event with a consequence" (ISO Guide 73:2009)

"weakness that could be exploited by a threat" (ITIL)

