Software-based System Vulnerability
A Software-based System Vulnerability is a system vulnerability that resides in the software of a computing system.
- AKA: Software Code Security Flaw.
- Context:
  - It can be recognized by a Software Vulnerability Recognition Task (such as by a DAST system).
  - It can be exploited by a Hacker (using a software system exploit).
  - …
- Example(s):
  - Spectre (vulnerability).
  - Meltdown (vulnerability).
  - one that is the focus of a Zero-Day Attack.
  - …
- Counter-Example(s):
- See: Computer Security, Hacker (Computer Security), Information Assurance, Attack Surface, Vulnerability Management, Exploit (Computer Security), Security Bug, Security Defect, DARPA AIxCC.
References
2018
- (Wikipedia, 2018) ⇒ https://en.wikipedia.org/wiki/Vulnerability_(computing) Retrieved: 2018-1-11.
- In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerabilities are the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. [1] This practice generally refers to software vulnerabilities in computing systems.
A security risk may be classified as a vulnerability. The use of vulnerability with the same meaning of risk can lead to confusion. The risk is tied to the potential of a significant loss. Then there are vulnerabilities without risk: for example when the affected asset has no value. A vulnerability with one or more known instances of working and fully implemented attacks is classified as an exploitable vulnerability — a vulnerability for which an exploit exists. The window of vulnerability is the time from when the security hole was introduced or manifested in deployed software, to when access was removed, a security fix was available/deployed, or the attacker was disabled — see zero-day attack.
Security bug (security defect) is a narrower concept: there are vulnerabilities that are not related to software: hardware, site, personnel vulnerabilities are examples of vulnerabilities that are not software security bugs.
Constructs in programming languages that are difficult to use properly can be a large source of vulnerabilities.
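The "constructs that are difficult to use properly" named in the last sentence are easiest to see in C, where the standard library offers both unbounded and bounded ways to copy a string. The example below is added here and is not code from the page or from Wikipedia: it places an unbounded strcpy() into a fixed-size buffer (the classic software flaw shape) beside a bounds-checked copy that refuses input that does not fit. NAME_MAX, copy_name_unsafe, copy_name_checked and name_fits are names chosen for this example, and the inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Fixed-size destination buffer, as found in many C programs (assumed size). */
#define NAME_MAX 16

/* Unsafe construct: strcpy() copies until the source's NUL byte and takes no
   bound, so a source of NAME_MAX or more characters writes past dst. This is
   the shape of a C buffer overflow. Shown only for contrast; never called. */
void copy_name_unsafe(char dst[NAME_MAX], const char *src) {
    strcpy(dst, src);
}

/* Hardened form: measure the source with a bound first and refuse anything
   that does not fit, leaving dst as an empty string.
   Returns 0 on success, -1 when the input was rejected. */
int copy_name_checked(char dst[NAME_MAX], const char *src) {
    size_t n = 0;
    while (n < NAME_MAX && src[n] != '\0')   /* never reads past NAME_MAX bytes */
        n++;
    if (n >= NAME_MAX) {                     /* no room left for the NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);                 /* copy including the terminating NUL */
    return 0;
}

/* Convenience check: 1 if src would be accepted by copy_name_checked, else 0. */
int name_fits(const char *src) {
    char scratch[NAME_MAX];
    return copy_name_checked(scratch, src) == 0;
}

int main(void) {
    char buf[NAME_MAX];
    /* constructed inputs: one that fits and one that does not */
    const char *ok = "alice";
    const char *too_long = "this_name_is_far_too_long_for_the_buffer";
    int rc_ok = copy_name_checked(buf, ok);
    printf("%-45s -> %d (\"%s\")\n", ok, rc_ok, buf);
    int rc_long = copy_name_checked(buf, too_long);
    printf("%-45s -> %d (\"%s\")\n", too_long, rc_long, buf);
    return 0;
}
```

The checked version treats an oversized input as a rejected request rather than silently truncating it, which keeps the caller from operating on a name that is not the one it was given; an input of exactly NAME_MAX - 1 characters is the longest that fits.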
- [1] Foreman, P.: Vulnerability Management, page 1. Taylor & Francis Group, 2010.