vulnerability

(redirected from Vulnerabilities)
Also found in: Dictionary, Thesaurus, Medical, Legal.

vulnerability

[‚vəl·nə·rə′bil·əd·ē]
(computer science)
A weakness in a computing system that can result in harm to the system or its operations, especially when this weakness is exploited by a hostile person or organization or when it is present in conjunction with particular events or circumstances.

Vulnerability

Vulgarity (See COARSENESS.)
Achilles
warrior vulnerable only in his heel. [Gk. Myth.: Zimmerman, 4]
Antaeus
only vulnerable if not touching ground. [Gk. and Rom. Myth.: Hall, 151]
Balder
conquerable only with mistletoe. [Norse Myth.: Walsh Classical, 43]
Diarmuid
Irish Achilles, killed through cunning Fionn’s deceit. [Irish Myth.: Jobes, 443; Parrinder, 79]
Maginot Line
French fortification zone along German border; thought impregnable before WWII. [Fr. Hist.: NCE, 1658]
Samson
strength derived from his hair; betrayed by Delilah. [O.T.: Judges 16]
Siegfried
vulnerable in only one spot on his back. [Ger. Opera: Wagner, Götterdämmerung, Westerman, 245]
Siegfried Line
German fortification zone opposite the Maginot Line between Germany and France. [Ger. Hist.: WB, 17: 370]
Superman
invulnerable except for Kryptonite. [TV: “The Adventures of Superman” in Terrace, I, 38; Comics: Horn, 642]

vulnerability

A security exposure in an operating system or other system software or application software component. Before the Internet became mainstream and exposed every organization in the world to every attacker on the planet, vulnerabilities surely existed, but were not as often exploited.

In light of this madness, mostly perpetrated against Microsoft products, the architecture of future operating systems has changed. Designing software to be bulletproof against attacks is like building a house where every square inch is fortified with steel and sensors that detect intrusions. Patching an existing operating system written by hundreds of programmers who were not dwelling on this issue when they wrote the code is an onerous job.

Security firms maintain databases of vulnerabilities based on version number of the software. If exploited, each vulnerability can potentially compromise the system or network. To search for vulnerabilities and exposures in the National Vulnerability Database (NVD), visit http://web.nvd.nist.gov/view/vuln/search?cid=1. See network security scanner and vulnerability disclosure.
References in periodicals archive ?
0 helps me and my development team find and fix vulnerabilities in our ASP.
Many vulnerability assessment tools require end-user configurations to select the type of device, operating systems, applications, and vulnerabilities that they want to detect.
An effective computer security program is designed around the concept of identifying computer vulnerabilities and providing computer system users with guidance on how to eliminate, or at least reduce, these vulnerabilities.
The Frost & Sullivan research points to the increasing number of vulnerabilities and the shrinking window between vulnerability and exploit.
In addition, the synchronized release of new and updated third-party products that support new operating systems will likely contribute to a record year for vulnerabilities in 2007.
Scuba by Imperva does not run exploits against the database or provide information useful to exploiting the vulnerabilities it finds.
Determina Vulnerability Protection Suite[TM] (VPS[TM]) is the only solution to address the root cause of attacks - the software vulnerabilities themselves.
Digital Bond has also identified numerous SCADA application and protocol vulnerabilities, including the vulnerability disclosed in US-CERT's first SCADA related vulnerability note.
Both vulnerabilities could allow an attacker to take control over a victim's computer if the targeted user viewed a malicious Web page.
The increasing proliferation of zero-day vulnerabilities means the previous window of opportunity IT had to secure networks between the release of a software patch and an attack has been slammed shut," said Marc Maiffret, eEye's founder and CTO.
Our list of the top 20 vulnerabilities does no good at all unless companies discover whether their computers can be compromised and fix the ones that have the vulnerabilities," said Alan Paller, director of research, SANS.
Tenable's Security Center, Passive Vulnerability Scanner and Nessus Vulnerability Scanner all currently provide support for NIST's CVSS scores, and our research team is actively engaged with NIST on scoring for new vulnerabilities.