[WEB SECURITY] What are the differences between weakness and vulnerability?

Michal Zalewski lcamtuf at coredump.cx
Sun Nov 6 18:35:38 EST 2011

> The situation is confused. So what are the differences between weakness
> and vulnerability? Thanks!

The short answer is that there is a baseline of fairly precise,
commonly used terms - and that set is almost universally embraced
across the infosec community; but there is no single, official way of
referring to some of the more abstract and fine-grained distinctions
that aren't useful in practical discourse.

You stumbled upon one of these examples.

Try to get your message across as plainly and clearly as possible, and
you will probably find no need to settle this. The moment you start
creating byzantine taxonomies just for the sake of it (as many
organizations and compliance frameworks are prone to), you will find
that some people disagree, and most of them just don't care. They're
probably right :-)


