In the OSSTMM (Open Source Security Testing Methodology Manual), a de-facto standard for security tests, a weakness is the second most serious security hole (of a total of five) in the respective risk categorization. A weakness is a flaw or error in the platform upon which the security mechanism is built (for example if passwords are sent unencrypted over HTTP).