[WEB SECURITY] What's the differences between weakness and vulnerability?

Celestain Fonge cfonge at zazotechnologies.com
Sun Nov 6 18:31:59 EST 2011

Per http://en.wikipedia.org/wiki/Vulnerability_(computing)
In computer security, a vulnerability is a weakness which allows an attacker
to reduce a system's information assurance.


-----Original Message-----
From: websecurity-bounces at lists.webappsec.org
[mailto:websecurity-bounces at lists.webappsec.org] On Behalf Of matthew chao
Sent: Sunday, November 06, 2011 2:35 AM
To: websecurity at lists.webappsec.org
Subject: [WEB SECURITY] What's the differences between weakness and

WASC's definition of "weakness": "The underlying vulnerability within the
application that is exploited." It seems weakness is equal to vulnerability,
and WASC's Glossary doesn't include the terms.

However, according to "http://cwe.mitre.org/about/faq.html#A.1",
"Software weaknesses are errors that can lead to software vulnerabilities.
A software vulnerability is a mistake in software that can be directly
used by a hacker to gain access to a system or network.", so they are
different concepts.

The situation is confused. So what's the difference between weakness and
vulnerability? Thanks!

