In the OSSTMM (Open Source Security Testing Methodology Manual), a de-facto standard for security tests, a concern is the third most serious security hole (of a total of five) in the respective risk categorization. A concern is no direct threat, but an issue that is not in compliance with best practices (for example active, unnecessary network services).