In the OSSTMM (Open Source Security Testing Methodology Manual), a de facto standard for security tests, a flaw is the least serious security hole in the OSSTMM risk categorization. It is an unknown factor in the system which the tester could not identify with the available information within the given time frame (example: an unexpected response from a router).