LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What is a Vulnerability in software security?

A weakness — in design, configuration, procedures, or code — that lets a threat cause harm if it's realized.

A vulnerability is any characteristic of a system (its location, security posture, design, security procedures, internal controls, or implementation) that permits a threat or hazard to occur. It's the "open door" — on its own it causes no harm, but it's what an attack needs to succeed.

Vulnerabilities come in several categories — not just buggy code:

Category Example
Implementation (code) bugs Buffer overflow, SQL injection, missing input validation
Design flaws Sending passwords in plaintext, no authentication on an API
Configuration weaknesses Default admin password left unchanged, an S3 bucket set to public
Procedural / human No patch process, employees who fall for phishing

Degree of vulnerability is a qualitative or quantitative expression of how susceptible the system is to harm when a threat is realized (this is what scores like CVSS try to capture).

Why it matters: Secure coding eliminates the implementation-bug category, but it can't fix a weak design, a misconfiguration, or a missing patch process — those need secure design, hardening, and good operational procedures as well.

From Quiz: SPRG / Security Fundamentals | Updated: Jul 14, 2026