Software Weakness

Security Vulnerability

Software Attack

Security Failure

Source Code

A vulnerability is the result [of the exploitation] of one or more weaknesses in requirements, design, implementation, or operation. Sometimes a weakness can never result in a failure, in which case it is not exploitable and not a vulnerability. Such a weakness might be masked by another part of the software or might only cause a failure in combination with another weakness. Thus we use the term "weakness" instead of "flaw" or "defect." [1]


    [2] The MITRE Corporation. Common Attack Pattern Enumeration and Classification (CAPEC), Glosary, Attack.