What is a vulnerability?

Giulio Saggin
Giulio Saggin
Tuesday 28 November 2023

You'll often read a story discussing a vulnerability and, possibly, the 'fix' (known as a CVE) for that vulnerability.

According to MITRE Corporation, which has been notifying the world of CVEs since 1999, a vulnerability is: "A weakness in the computational logic (e.g. code) found in software and hardware components that, when exploited, results in a negative impact to confidentiality, integrity, or availability. Mitigation of the vulnerabilities in this context typically involves coding changes, but could also include specification changes or even specification deprecations (e.g., removal of affected protocols or functionality in their entirety)."

Putting it into easy-to-understand terms ... vulnerabilities are a weakness in software and hardware that can be exploited by an attacker (aka threat actor) to perform unauthorized actions within a computer network.

Still unsure? Imagine you have just moved into a new house. Invariably the first time bad weather passes over you will find that, despite the best efforts of the builder, there will be a few gaps and cracks that let in leaks and drafts. A big enough gap or crack can lead to major issues, so a 'patch up' job is done and the problem is solved.

It's a bit like this when software and hardware is released to the public as a new product or an upgrade. Despite the best efforts of the 'builders', often there are small gaps and cracks that let in the 'bad weather' i.e. attacker. If it isn't patched, it can lead to major issues, especially if the crack or gap is a big one. And this is when cyber security stories hit the headlines, such as the infamous Wannacry attack of 2017 that infected 300,000 computers across 150 countries, with damage reaching into the billions of dollars.

Vulnerabilities in your software and hardware are patched using the information provided by CVEsSecAlerts alerts you to CVEs as soon as they are published (sometimes vendors delay releasing CVEs). Enter your software stack and receive a free weekly report with a round-up of CVEs (& security news) unique to your stack:

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.


SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203