What is Vulnerability?

Understanding Vulnerability

A flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the system's security policy.

A vulnerability is a weakness, defect, or gap in a system, security control, or implementation that could be exploited by a threat actor to gain unauthorized access, cause harm, or otherwise violate security objectives. Vulnerabilities can exist in software, hardware, configurations, processes, or human behavior, and are fundamental components of risk.

Vulnerability management is central to frameworks like ISO 27001, NIST SP 800-53, and numerous regulatory requirements. Organizations manage vulnerabilities through scanning, patch management, risk assessment, remediation prioritization, and security testing.

For example, a healthcare organization might implement a comprehensive vulnerability management program that includes regular automated scanning of all systems, prioritizing vulnerabilities based on criticality and exploitability, implementing compensating controls when immediate patching isn't possible, and validating remediation through verification testing, while tracking metrics on remediation timeframes and vulnerability exposure.

Related terms: Vulnerability management, Exploit, Security flaw, Weakness, Patch, CVE, CVSS, Risk, Penetration testing, Vulnerability scanner, Security bug.
