A data processing tool crashed when a user added more data to the buffer than its storage capacity allows. The incident was caused by the tool's inability to bound-check arrays. What kind of vulnerability is this?
A. Intrinsic vulnerability, i.e., inability to bound-check arrays, is a characteristic of the data processing tool
B. Extrinsic vulnerability, i.e., the exploit of the buffer overflow vulnerability, is caused by an external factor
C. None; buffer overflow is not a vulnerability; it is a threat
Intrinsic vulnerabilities are inherent flaws in a system, software, or tool. In this case, the inability to bound-check arrays is an inherent weakness of the software, making it an intrinsic vulnerability. This aligns with ISO/IEC 27001:2022 Annex A Control A.8.9 (Configuration Management), which mandates secure software design and validation practices.
Extrinsic vulnerabilities arise due to external factors (e.g., misconfigurations or lack of security patches).
Buffer overflow is a vulnerability, not a threat, because it represents a weakness that can be exploited by an attacker.