What is a vulnerability?

Giulio Saggin

Tuesday 28 November 2023

You'll often read a story discussing a vulnerability and, possibly, the 'fix' (known as a CVE) for that vulnerability.

According to MITRE Corporation, which has been notifying the world of CVEs since 1999, a vulnerability is: "A weakness in the computational logic (e.g. code) found in software and hardware components that, when exploited, results in a negative impact to confidentiality, integrity, or availability. Mitigation of the vulnerabilities in this context typically involves coding changes, but could also include specification changes or even specification deprecations (e.g., removal of affected protocols or functionality in their entirety)."

Putting it into easy-to-understand terms ... vulnerabilities are a weakness in software and hardware that can be exploited by an attacker (aka threat actor) to perform unauthorized actions within a computer network.

Still unsure? Imagine you have just moved into a new house. Invariably the first time bad weather passes over you will find that, despite the best efforts of the builder, there will be a few gaps and cracks that let in leaks and drafts. A big enough gap or crack can lead to major issues, so a 'patch up' job is done and the problem is solved.

It's a bit like this when software and hardware is released to the public as a new product or an upgrade. Despite the best efforts of the 'builders', often there are small gaps and cracks that let in the 'bad weather' i.e. attacker. If it isn't patched, it can lead to major issues, especially if the crack or gap is a big one. And this is when cyber security stories hit the headlines, such as the infamous Wannacry attack of 2017 that infected 300,000 computers across 150 countries, with damage reaching into the billions of dollars.

Vulnerabilities in your software and hardware are patched using the information provided by CVEs. SecAlerts alerts you to CVEs as soon as they are published (sometimes vendors delay releasing CVEs). Enter your software stack and receive a free weekly report with a round-up of CVEs (& security news) unique to your stack: www.secalerts.co

What is a vulnerability?

Never miss a vulnerability like this again

Top Stories

Apple Rushes Out Security Updates to Address Exploited iOS Zero-Days

Microsoft Releases Patches for 73 Security Flaws, Including Two Zero-Days Under Active Exploitation

Critical Vulnerability Discovered in Fortinet FortiOS Devices

Critical: RCE Vulnerability in Confluence Data Center and Server

Google Fixes Chrome Zero-Day Exploited In The Wild

Security Vulnerability in MLflow Puts Servers at Risk

Apple Rolls Out Extensive Security Updates Across Devices

Features

Why You Need Real-Time Vulnerability Alerts As Your First Line of Defence in Data Protection

Why Every Organisation Needs Real-Time Cybersecurity Alerts

Analysis of CVE-2019-13602: VLC Media Player Integer Underflow

Five Billion Records And Counting ... Why 2023 Was A Big Year For Cyber Breaches

What is PCI DSS Requirement 6.1?

What is PCI DSS Requirement 6?

What is an Approved Scanning Vendor (ASV)?

What is a zero-day?

Company

Resources

Contact