A vulnerability is a weakness of an asset or control that can be exploited by one or more threats (ISO 27000, see also threat). In the OSSTMM (Open Source Security Testing Methodology Manual), a de facto standard for security tests, a vulnerability is the most serious of a total of five categories of flaw or error. It relates to the security mechanism which allows for privileged access to a certain infrastructure (for example, software that is vulnerable to a buffer overflow, denial-of-service or XSS attack).
