[TOC]
↗ Software Vulnerability & Weakness ↗ Software Quality Assurance (SQA) ↗ ICT System Reliability (Correctness) & Verification
↗ Cybersecurity Threats & Attacks
↗ Software Vulnerability & Weakness
#vulnerability #faults #bug #feature_design #debug #correctness
↗ Software Testing / Error, Faults and Failures
Bugs (faults, incorrectness) are mistakes in code that violate the specification of the program/software.
- When talking about bugs or faults, people usually consider only the developers and the users; there is no attacker in the picture.
Vulnerabilities are aspects of a system that an attacker can exploit. They can be violations of the specification (bugs), or defects in the specification itself (design flaws), in which case the code may implement the specification 100% correctly and still be vulnerable.
- Vulnerability is a security concept: whenever security issues are discussed there is an attacker. More precisely, the attacker together with the attack methods constitutes the threat. Hence, in security we always ask what the threat is, what attack surface the system exposes and which vulnerabilities lie on it, and how to stop the threat from exploiting those vulnerabilities, since a successful exploit means loss of an asset.
An interesting scenario is that sometimes a deliberately designed feature of a piece of software causes unexpected behaviour that an attacker could use. Unlike most hidden vulnerabilities, these are really ill-designed features (defects in the specification rather than in the code), and they are usually not the vulnerabilities discussed in security, although by definition they are vulnerabilities.
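Added example (not from the original note) to make the bug/vulnerability distinction concrete: a toy `get_note(caller, record_id)` service is written three times, and each version is checked against two independent questions, "does it deviate from its written specification on honest usage?" (bug) and "can an attacker use it to read another user's note?" (vulnerable). The records, user names, specifications and attacker names are all constructed for the example.

```python
"""Bug vs vulnerability on a constructed toy record service.

One function, get_note(caller, record_id), is written three times and each
version is checked against two independent questions:
  (1) does it deviate from its written specification on honest usage?  (bug)
  (2) can an attacker use it to read another user's note?            (vulnerable)
All records, user names and specifications are made up for this example.
"""

# Constructed data: record id -> (owner, private note).
RECORDS = {
    1: ("alice", "allergy: penicillin"),
    2: ("bob", "blood type: O-"),
}

# Constructed list of legitimately registered users; "al" owns no record.
USERS = ("alice", "bob", "al")


# --- Specifications (executable oracles) ------------------------------------

def spec_v0(caller, record_id):
    """Spec v0, written with no attacker in mind: return the note of
    record_id. The caller is not consulted at all."""
    return RECORDS[record_id][1]


def spec_v1(caller, record_id):
    """Spec v1, written after naming the threat 'a user reads another user's
    note': return the note only to its owner, otherwise refuse."""
    owner, note = RECORDS[record_id]
    if caller != owner:
        raise PermissionError(caller)
    return note


# --- Implementations ---------------------------------------------------------

def get_note_v0(caller, record_id):
    """Implements spec v0 exactly, so it is not a bug. It is still a
    vulnerability: the defect is in the specification (no authorization)."""
    return RECORDS[record_id][1]


def get_note_v1_buggy(caller, record_id):
    """Meant to implement spec v1 but uses a substring test instead of
    equality, so caller "al" (or "a", or "") passes for owner "alice".
    This violates the spec (a bug) and is exploitable (a vulnerability)."""
    owner, note = RECORDS[record_id]
    if caller in owner:
        return note
    raise PermissionError(caller)


def get_note_v1(caller, record_id):
    """Implements spec v1 correctly: exact owner match."""
    owner, note = RECORDS[record_id]
    if caller == owner:
        return note
    raise PermissionError(caller)


# --- Checks ------------------------------------------------------------------

def outcome(fn, caller, record_id):
    """Normalise a call into a comparable (status, value) pair."""
    try:
        return ("ok", fn(caller, record_id))
    except PermissionError:
        return ("denied", None)


def has_bug(impl, spec):
    """Conformance: does impl differ from spec for any registered user/record?"""
    return any(outcome(impl, u, r) != outcome(spec, u, r)
               for u in USERS for r in RECORDS)


def is_vulnerable(impl):
    """Threat model: the attacker may register any user name they like and
    wants alice's note (record 1). The names tried are constructed."""
    target = RECORDS[1][1]
    return any(outcome(impl, name, 1) == ("ok", target)
               for name in ("mallory", "a", ""))


def classify(impl, spec):
    """Return both properties side by side; they vary independently."""
    return {"bug": has_bug(impl, spec), "vulnerable": is_vulnerable(impl)}


if __name__ == "__main__":
    for name, impl, spec in (("v0", get_note_v0, spec_v0),
                             ("v1_buggy", get_note_v1_buggy, spec_v1),
                             ("v1", get_note_v1, spec_v1)):
        print(name, classify(impl, spec))
```

Note the two checks: `has_bug` only asks whether honest users get what the spec promises, which is exactly why `get_note_v0` passes it (the spec itself is the defect), while `is_vulnerable` asks the attacker's question and flags both `v0` and `v1_buggy`. Judging `get_note_v0` against `spec_v1` instead turns the same code into a bug, which is the point: "bug" is relative to a specification, "vulnerable" is relative to a threat.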