SecAlerts Blog

What is a vulnerability?

You'll often read a story discussing a vulnerability and, possibly, the 'fix' (known as a CVE) for that vulnerability.

According to MITRE Corporation, which has been notifying the world of CVEs since 1999, a vulnerability is: "A weakness in the computational logic (e.g. code) found in software and hardware components that, when exploited, results in a negative impact to confidentiality, integrity, or availability. Mitigation of the vulnerabilities in this context typically involves coding changes, but could also include specification changes or even specification deprecations (e.g., removal of affected protocols or functionality in their entirety)."

Putting it into easy-to-understand terms ... vulnerabilities are a weakness in software and hardware that can be exploited by an attacker (aka threat actor) to perform unauthorized actions within a computer network.

Still unsure? Imagine you have just moved into a new house. Invariably the first time bad weather passes over you will find that, despite the best efforts of the builder, there will be a few gaps and cracks that let in leaks and drafts. A big enough gap or crack can lead to major issues, so a 'patch up' job is done and the problem is solved.

It's a bit like this when software and hardware is released to the public as a new product or an upgrade. Despite the best efforts of the 'builders', often there are small gaps and cracks that let in the 'bad weather' i.e. attacker. If it isn't patched, it can lead to major issues, especially if the crack or gap is a big one. And this is when cyber security stories hit the headlines, such as the infamous Wannacry attack of 2017 that infected 300,000 computers across 150 countries, with damage reaching into the billions of dollars.

Vulnerabilities in your software and hardware are patched using the information provided by CVEs. SecAlerts alerts you to CVEs as soon as they are published (sometimes vendors delay releasing CVEs). Enter your software stack and receive a free weekly report with a round-up of CVEs (& security news) unique to your stack: www.secalerts.co

Other terms concisely explained:

What is a CVE?

What is a CVE ID?

What is a CVSS?

What is a CNA?

What is a zero-day?

What is a bug bounty program?

What is CVE?

What is a Candidate Naming Authority?

Get weekly security news and vulnerability alerts

Join over 1,000 others receiving a free weekly report with a round-up of vulnerabilities and security news customised to your software stack. See an example email

Example email for SecAlerts

Earlier: