What is a vulnerability?
A vulnerability is a weakness in a system, its security procedures, internal controls, or implementation that could be exploited or triggered by a threat source to cause harm.
What it means
Per NIST, a vulnerability is an exploitable weakness in an information system or its controls. It is the gap that an attack targets — for example a missing patch, a misconfiguration, or weak access rules. Finding, ranking, and fixing vulnerabilities is central to security-analyst, vulnerability-management, and audit work.
Sources
- National Institute of Standards and Technology — NIST CSRC Glossary: https://csrc.nist.gov/glossary
Citation Ledger
| ID | Supports | Evidence | Source |
|---|---|---|---|
| CIT-01 | Definition source for What is a vulnerability? | Official source page | National Institute of Standards and Technology — NIST CSRC Glossary |