[WEB SECURITY] What's the differences between weakness and vulnerability?
mathewchao at gmail.com
Sun Nov 6 03:35:05 EST 2011
WASC's definition of "weakness": "The underlying vulnerability within
the application that is exploited." It seems weakness is equal to
vulnerability, and WASC's Glossary doesn't include the terms.
However, according to "http://cwe.mitre.org/about/faq.html#A.1",
"Software weaknesses are errors that can lead to software
vulnerabilities. A software vulnerability is a mistake in software
that can be directly used by a hacker to gain access to a system or
network.", so they are different concepts.
The situation is confused. So what are the differences between weakness
and vulnerability? Thanks!