[WEB SECURITY] What's the differences between weakness and vulnerability?

Celestain Fonge cfonge at zazotechnologies.com
Sun Nov 6 18:31:59 EST 2011


Per http://en.wikipedia.org/wiki/Vulnerability_(computing)
 
In computer security, a vulnerability is a weakness which allows an attacker
to reduce a system's information assurance.

Regards,
Celestain.

-----Original Message-----
From: websecurity-bounces at lists.webappsec.org
[mailto:websecurity-bounces at lists.webappsec.org] On Behalf Of matthew chao
Sent: Sunday, November 06, 2011 2:35 AM
To: websecurity at lists.webappsec.org
Subject: [WEB SECURITY] What's the differences between weakness and
vulnerability?

WASC's definition of "weakness": "The underlying vulnerability within the
application that is exploited." It seems weakness is equal to vulnerability,
and WASC's Glossary
(http://projects.webappsec.org/w/page/13246967/The%20Web%20Security%20Glossary)
doesn't include the terms.

However, according to "http://cwe.mitre.org/about/faq.html#A.1",
"Software weaknesses are errors that can lead to software vulnerabilities.
A software vulnerability is a mistake in software that can be directly
used by a hacker to gain access to a system or network.", so they are
different concepts.


The situation is confused. So what are the differences between weakness and
vulnerability? Thanks!

-Matt
