Thank you for the opportunity to help you with your question!
yes, In computer security overall, a “vulnerability” is a weakness that allows an attacker to reduce a system’s information assurance; an intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. Regarding software, the “bug” is a fault causing it to produce an incorrect or unexpected result, or to behave in unintended (for its developers and users) ways. In other words, a vulnerable software may usually work okay, but when it is approached in a “different manner” (i.e. with malicious intent and appropriate tools), things may happen. And they actually do.
As a rule vulnerabilities are the results of development mistakes, insufficient quality assurance and/or outright wrong approach to coding – when the software is written without security in mind from the day one. Later there could be stacks of patches, making the original package swell twice per its original size, and still there are more and more bugs discovered. Simply because the software is “genetically” vulnerable.
Please let me know if you need any clarification. I'm always happy to answer your questions.
Are all Flaws consider "Unexpected Behaviors" or just those you listed in your post. Is an unexpected behavior in a computer program necessarily a vulnerability? A program that crashes because a user enter the worng password too many times would be considered an "Unexpected Behavior", but dose this make it a "vulnerability"?
Jul 15th, 2015
Are you studying on the go? Check out our FREE app and post questions on the fly!