Software-based System Vulnerability

From GM-RKB
(Redirected from computing vulnerability)
Jump to navigation Jump to search

A Software-based System Vulnerability is a system vulnerability for a software-based system.



References

2018

  • (Wikipedia, 2018) ⇒ https://en.wikipedia.org/wiki/Vulnerability_(computing) Retrieved:2018-1-11.
    • In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerabilities are the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. [1] This practice generally refers to software vulnerabilities in computing systems.

      A security risk may be classified as a vulnerability. The use of vulnerability with the same meaning of risk can lead to confusion. The risk is tied to the potential of a significant loss. Then there are vulnerabilities without risk: for example when the affected asset has no value. A vulnerability with one or more known instances of working and fully implemented attacks is classified as an exploitable vulnerability  — a vulnerability for which an exploit exists. The window of vulnerability is the time from when the security hole was introduced or manifested in deployed software, to when access was removed, a security fix was available/deployed, or the attacker was disabled — see zero-day attack.

       Security bug (security defect) is a narrower concept: there are vulnerabilities that are not related to software: hardware, site, personnel vulnerabilities are examples of vulnerabilities that are not software security bugs.

      Constructs in programming languages that are difficult to use properly can be a large source of vulnerabilities.

  1. Foreman, P: Vulnerability Management, page 1. Taylor & Francis Group, 2010.