[WEB SECURITY] What's the differences between weakness and vulnerability?
cfonge at zazotechnologies.com
Sun Nov 6 18:31:59 EST 2011
In computer security, a vulnerability is a weakness which allows an attacker
to reduce a system's information assurance.
From: websecurity-bounces at lists.webappsec.org
[mailto:websecurity-bounces at lists.webappsec.org] On Behalf Of matthew chao
Sent: Sunday, November 06, 2011 2:35 AM
To: websecurity at lists.webappsec.org
Subject: [WEB SECURITY] What's the differences between weakness and
WASC's definition of "weakness": "The underlying vulnerability within the
application that is exploited." It seem weakness is equal to vulnerability,
and WASC's Glossary
Glossary) doesn't include the terms.
However, according to "http://cwe.mitre.org/about/faq.html#A.1",
"Software weaknesses are errors that can lead to software vulnerabilities.
A software vulnerability is a mistake in software that can be directly
used by a hacker to gain access to a system or network.", so they are
The situation is confused. so what's the differences between weakness and
The Web Security Mailing List
WebSecurity RSS Feed
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
websecurity at lists.webappsec.org
More information about the websecurity