[WEB SECURITY] What's the differences between weakness and vulnerability?

tony_l_turner at yahoo.com
Sun Nov 6 16:12:11 EST 2011


A vulnerability is a flaw that prevents legit access or grants unauthorized
access. A weakness is a flaw that reduces the effectiveness of an
interactivity control. A concern is a flaw that reduces the effectiveness
of a process control. All vulns are weaknesses or concerns, but not all
weaknesses or concerns are vulnerabilities. See OSSTMM for more on the topic
under the section on limitations.


-----Original message-----
From: matthew chao <mathewchao at gmail.com>
To: websecurity at lists.webappsec.org
Sent: Sun, Nov 6, 2011 19:23:43 GMT+00:00
Subject: [WEB SECURITY] What's the differences between weakness and vulnerability?

WASC's definition of "weakness": "The underlying vulnerability within
the application that is exploited." It seems weakness is equal to
vulnerability, and WASC's Glossary
(http://projects.webappsec.org/w/page/13246967/The%20Web%20Security%20Glossary)
doesn't include the terms.

However, according to "http://cwe.mitre.org/about/faq.html#A.1",
"Software weaknesses are errors that can lead to software
vulnerabilities. A software vulnerability is a mistake in software
that can be directly used by a hacker to gain access to a system or
network.", so they are different concepts.


The situation is confused. So what's the difference between weakness
and vulnerability? Thanks!

-Matt
