A vulnerability is a weakness that can be exploited by a threat actor. A code misconfiguration is a vulnerability because it represents an error or unsafe condition in how software, infrastructure, or access is configured. Examples include exposed administrative interfaces, missing authentication checks, overly permissive storage permissions, or insecure default settings. A trojan and a virus are forms of malware, not vulnerabilities. An attack on flawed code is an exploit or exploitation attempt, because it uses the weakness rather than being the weakness itself. The distinction is important: vulnerability is the condition, exploit is the method used to take advantage of it, and threat actor is the entity performing the action. Security programs reduce risk by discovering vulnerabilities, prioritizing them by severity and exposure, and applying remediation such as patching, configuration changes, compensating controls, or access restrictions. Reference/topics: Cybersecurity 1.1, vulnerabilities and exploits; Cybersecurity 1.3, common attack types.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit